US6189098B1 - Client/server protocol for proving authenticity - Google Patents

Publication number
US6189098B1
Authority
US
United States
Prior art keywords
client
server
certificate
credential
public key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
US09/527,020
Inventor
Burton S. Kaliski, Jr.
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
EMC Corp
Original Assignee
RSA Security LLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by RSA Security LLC
Priority to US09/527,020
Application granted
Publication of US6189098B1
Assigned to RSA SECURITY HOLDING, INC. Assignment of assignors interest (see document for details). Assignors: RSA SECURITY LLC
Assigned to EMC CORPORATION. Assignment of assignors interest (see document for details). Assignors: RSA SECURITY HOLDING, INC.
Assigned to RSA SECURITY LLC. Merger (see document for details). Assignors: RSA SECURITY INC.

Definitions

  • the invention relates to a protocol for one party to an electronic transaction, as for example a client in a client-server transaction, to prove its authenticity to the other party of the transaction.
  • Client-server systems provide electronic access by the client to data, information, accounts and other material stored at the server.
  • the system provides a client electronic access to accounts and financial resources.
  • In a client-server transaction, the client is required to prove to the server that it is an authentic client, and not some impersonator or other unauthorized party. Protocols are known by which a client proves to a server its authenticity, while at the same time it does not reveal information that could be misused by a third party.
  • a standard well known protocol for proving authenticity involves public-key cryptography.
  • the client establishes a public key/private key pair and provides the public key to the server.
  • the client forms a digital signature with its private key on a time-varying message, and the server verifies the digital signature with the client's public key.
  • the time-varying message, which may be a timestamp or a challenge supplied by the server, is different in each instance. This message, when checked by the server, provides safeguards against a third party impersonating the client by simply replaying copies of previous signatures of the client that the third party has intercepted or otherwise acquired.
  • the server trusts that the public key belongs to the client, i.e., that the client is in fact actively involved in the transaction because it is presumed that only the client knows the private key and can form valid digital signatures.
  • a convenient way to establish trust in a public key is to use a certificate. This is accomplished by a certification authority issuing public-key certificates signed with the certification authority's private key, which thereby asserts to the server that the client's public key is a valid public key issued by or registered with the certification authority. Assuming the server trusts the certification authority's public key, then it trusts the client's certificate, the client's public key and ultimately the client's authenticity.
  • Beller and Yacobi, in an article entitled “Fully-Fledged Two-Way Public Key Authentication and Key Agreement for Low-Cost Terminals”, ELECTRONICS LETTERS, May 27, 1993, Vol. 29, No. 11, at pages 999-1000, describe a protocol that provides for less on-line computation on one side of the protocol.
  • authentication of the server by the client is carried out by the server sending a random challenge with an expected “colour”, structure or format, to the client for verification by the client.
  • Authentication of the client by the server is achieved by the client sending to the server its identity, public key, certificate and a signature on the random challenge for verification of the certificate and the signature by the server.
  • the protocol is described as being useful where one side of the interaction is a low-cost customer device such as portable telephones, home banking terminals, smart cards and notebook computers.
  • a protocol that is less computationally expensive for a client but achieves similar goals as the standard protocol is used to develop a server's trust in the client.
  • a certificate provided by a trusted certification authority to the client is encrypted with a key known only to the client and the server or the public key of the server.
  • the client forms no digital signature. Since only the client and the server it trusts have access to the certificate, the certificate itself is proof of the authenticity of the client.
  • This protocol is particularly useful in client devices having small computational capacity, e.g., a smart card.
  • the certificate can include a one way function, such as a cryptographic hash function of a secret value or a root of a hash tree of secret values for protection against the certification authority or unauthorized servers, respectively.
  • a still further more general protocol involves a user, which may be an individual, a computer or some other entity, connected to a verifier by way of an encrypted communications channel such that the user can confidentially deliver to the verifier information essential to verify the message.
  • FIG. 1 schematically illustrates the components of a smart card
  • FIG. 2 illustrates the components of a server
  • FIG. 3A is a flow diagram showing the procedure for generating messages by a client to prove its authenticity to a server
  • FIG. 3B is a flow diagram showing the processing at the server of messages sent by a client to authenticate the client;
  • FIG. 4A is a flow diagram illustrating an interactive embodiment of the invention where the server sends a copy of its certificate to a client;
  • FIG. 4B is a flow diagram illustrating an interactive embodiment of the invention where the server sends a copy of its certificate and a time-varying value to the client;
  • FIG. 4C is a flow diagram illustrating an interactive embodiment of the invention where the server sends a time-varying value to the client;
  • FIG. 5 is a flow diagram illustrating an interactive embodiment of the invention where a client is sent a message signed by the server;
  • FIG. 6 is a partial flow diagram illustrating a variation in the messages generated by the client
  • FIG. 7 is a partial flow diagram illustrating a version of the invention where a client's certificate is sent directly to a server;
  • FIG. 8 is a partial flow diagram of FIG. 5 modified so that only part of the client's certificate is encrypted
  • FIG. 9 is a partial flow diagram of FIG. 6 modified so that only part of the client's certificate is encrypted
  • FIG. 10 is a partial flow diagram of FIG. 7 modified so that only part of the client's certificate is encrypted
  • FIG. 11 is an illustration of a hash tree which may be used to prevent misuse by a server.
  • FIG. 12 illustrates a still further flow diagram of essential elements of a system having a more general protocol but which may have features of other embodiments disclosed herein added thereto.
  • the disclosed exemplary embodiments as described later can involve a user, which can be an individual, a computer or some other entity, which is connected to a verifier, which can be a client, a server or some other entity, via an encrypted communications channel whereby the user can confidentially deliver to the verifier information essential to verify the message.
  • a smart card includes a microchip containing a processor and memories to hold programs and data.
  • FIG. 1 illustrates a smart card 1 comprising a processor 2, an erasable programmable read only memory (EPROM) 3, programmable read only memory (PROM) 4, random access memory (RAM) 5, input/output (I/O) port 6, number generator 7, clock 8 and power source 9.
  • PROM 4 holds the card operating system and RAM 5 holds temporary results of calculations.
  • EPROM 3 holds the certificate for the card. This certificate for the card, unlike the usual public key certificate, need not include the public key of the client since authentication of the client by the server does not rely on the public key of the client.
  • a cache of public keys of one or more servers may also be stored in PROM 4 or EPROM 3.
  • Number generator 7 provides random seed numbers to the processor for generating secret session keys.
  • Clock 8, conventional and well known in the art, is used for generating a timestamp and for verifying a received timestamp. Clock 8 is optional where the server's timestamp or time-varying value is used by the client to provide a time-varying value or where a challenge procedure is followed.
  • Power source 9 is a battery when a card has a clock. Otherwise, power may be supplied by an external source or a server.
  • I/O terminals 6 provide a means for external communications.
  • the public key of a trusted certification authority may be stored in PROM 4 or EPROM 3.
  • PROM 4, or the RAM 5 if non-volatile, may have a section for storing certificate revocation lists (CRLs).
  • Such a list would include a list of servers whose certificates have expired or been revoked. This list would be provided by signed and dated messages from the trusted certification authority either directly or indirectly while in a communicating relationship with a server. Reference to the list during the initial stages of the protocol will indicate whether the transaction being initiated is with a valid server or with one holding a revoked certificate, and thereby whether a received server's certificate is to be verified.
  • PROM 4 is loaded with an operating program to be executed by processor 2, clock 8 is set (or an initial time-varying value, e.g., a sequence number or a timestamp, is set in one of the memories when a clock is not used) and the certificate associated with the card and the trusted certification authority's public key are loaded into the memories.
  • server public keys and CRLs are also loaded into the memories.
  • a server 40 as illustrated in FIG. 2 includes a processor 60, a facility for generating a time-varying value or timestamp 42, input/output port 63, and a memory 61 for holding the operating program for the processor, the private key PRIV SERV associated with the server's public key PUB SERV and the public key PUB TCA of the trusted certification authority that signed the client's certificate.
  • memory 61 may hold a certificate revocation list (CRL) and a certificate (CERT-S) for its public key.
  • the facility for generating a time-varying value 42 may comprise a clock for generating a timestamp or other means for generating a time-varying value.
  • the I/O port 63 provides an interface between the processor of the server and external entities.
  • FIG. 3A illustrates the processing by a client for generating and sending messages to a server for use by the server to prove the client's authenticity.
  • a client at 101 generates or provides a time-varying value (TS). This may be a timestamp or other value which changes with time.
  • the client also generates a random secret session key (KSS) at 102 employing a number generator or other means to provide a random seed number.
  • the time-varying value TS and the secret session key KSS are concatenated and at 104 the result is encrypted with the server's public key PUB SERV which has been retrieved from memory 4 or 5.
  • {TS || KSS}PUB SERV is sent to the server at 107.
  • the client's certificate (CERT-C) is retrieved from memory, EPROM 3, at 105, encrypted with the secret session key KSS at 106 to form message {CERT-C}KSS which is sent to the server at 108.
  • the sending operations 107 and 108 may be combined into one operation.
  • FIG. 3B illustrates the processing at a server 40 of messages received from a client via I/O port 63 for the purpose of ensuring the authenticity of the client.
  • the server decrypts at 201 the message {TS || KSS}PUB SERV
  • the received time-varying value TS is compared with a reference value obtained from the server's facility for generating a time-varying value 42. Where the values do not compare, an error signal is generated at 207 and the process is terminated.
  • the processing continues at 203 with recovery of the secret session key KSS and at 204 by decrypting of the message {CERT-C}KSS using the secret session key.
  • This provides the server with the client's certificate (CERT-C) which is then at 205 subjected to a public key operation using the trusted certification authority's public key PUB TCA retrieved from memory 61 .
  • a verification of the certificate (CERT-C) is performed with the subsequent generation at 208 of an error signal where the certificate cannot be verified or the generating of an authentic signal at 209 where the certificate is found to be authentic.
  • the verification procedure at 206 may include the use of the CRL stored in memory 61 .
  • One embodiment of the invention is a non-interactive version where the protocol requires only the sending of messages over a communications channel by a client to the server with which it is seeking to execute a transaction.
  • a message, designated 11 in the drawing figures, containing information needed by the client to produce authenticating messages for the server, e.g., the public key of the server and/or a time-varying value provided by the server, is sent by the server to the client.
  • the client has need of assurance of the server's presence in the transaction and therefore requires a message signed by the server.
  • FIG. 6 represents a modification of the embodiments of the invention due to the message generated by the client having the time-varying value combined with the certificate of the client.
  • FIG. 7 shows a version of the invention where a session key is not used.
  • FIGS. 8 to 10 illustrate modifications to the embodiments of FIGS. 5 to 7 wherein only a part of the client's certificate is encrypted.
  • FIG. 12 illustrates a fundamental protocol whereby a user can confidentially deliver to a verifier information which is essential to verify a message signed by a credential issuing authority, but which may be modified to include one or more features of other disclosed embodiments.
  • the protocol is essentially as shown in FIGS. 3A and 3B with a client configuration as in FIG. 1 and a server configuration as in FIG. 2.
  • the client upon gaining access to a server 40 obtains the server's public key from a local storage, generates a random secret session key KSS (102), concatenates (103) it with an internally generated time-varying value, encrypts (104) the result with the server's public key and sends the result to server 40 (107).
  • the client concurrently or subsequently retrieves its certificate (CERT-C) from storage (105), encrypts (106) the certificate with the secret session key and sends the result to server 40 (108).
  • the client's confidence in the server is assured by the use of the server's public key, since only the server can decrypt a message encrypted with its public key.
  • the authenticity of the client is established to the satisfaction of the server by its receipt and verification of the time-varying value and the client's certificate by processing the received messages in accordance with the procedure shown in FIG. 3B.
  • message 11 consists of a certificate (CERT-S), a time-varying value, or a combination of a certificate (CERT-S) and a time-varying value.
  • FIG. 5 shows an interactive embodiment where the server provides a signed message 11. Since FIG. 5 is the most comprehensive, it will be described first, and the embodiments of FIGS. 4A, 4B and 4C described primarily with respect to differentiating features caused by the differences in the content of message 11.
  • the parties to the electronic transaction are the client 20 and the server 40 .
  • Messages 11, 12 and 13 are generated and exchanged between the client 20 and the server 40 over a communications channel 15.
  • Successful exchanges of the messages establish the trust of the client 20 in the server 40 and the authenticity of the client 20 to the server 40 .
  • Communications channel 15 may simply be electrical connections between a card reader and the terminal equipment at a server or may be in the form of a telephone or other communications link established between a client and a remote server, or other conventional communications medium.
  • Client 20 includes a certificate (CERT-C) 21 stored in EPROM 3, a key generator (KEY) 22, a facility for generating a time-varying value (TS) 23 which may include the clock 8, when used, and the public key (PUB TCA) 24 of the trusted certification authority which may be stored in EPROM 3 or PROM 4.
  • Certificate 21 comprises a message provided and signed by the trusted certification authority with its private key in the standard manner. The message in this instance need not be the client's public key because this key is not involved in the protocol. Any message is sufficient and may be certain well structured information about the client, e.g., account number and expiration date of the account.
  • the message may also indicate the types of transactions for which the client 20 is authorized and the period of time during which the certificate may be considered valid.
  • the key generator 22 is comprised of any conventional means of generating an encryption key. It may comprise a subroutine in the processor and use a number supplied by a number generator 7 .
  • the facility 23 may comprise conventional clock 8 that provides a current date and time or may be one that operates on a received timestamp or time-varying value.
  • Key 24, the public key of the trusted certification authority, is used to verify a certificate sent by the server and signed by the trusted certification authority.
  • Key storage unit 25 represents an optional memory or memory section for storage of keys of one or more frequently used servers. These are the public keys of servers and are made available to clients by the servers. Storing the public key of server 40 and other selected servers at the client avoids the need to process the certificate from a server to recover the key, or provides a source for the key where the certificate does not contain the public key or an easily recoverable copy of the public key of the server.
  • CRL storage unit 26 , also an optional memory or memory section, stores a list of certificates that have been revoked.
  • Elements 30 through 35 illustrate the functional processes of the protocol performed by the client to establish trust in the server.
  • Public key operations are conventional, well-known processes in the art. Recovering the public key of the server from the server's certificate for the key and storing it in a memory, as illustrated in block 30 , is certificate processing within the skill of the art.
  • Functional element 32 represents a public key operation performed with the trusted certification authority's public key 24 on the certificate portion of the message 11 received from the server 40 .
  • Functional element 31 represents a public key operation performed on the timestamp or other time-varying value received from a server with the server's public key obtained from processing the certificate at read and store element 30 or from key storage unit 25 .
  • a standard verification procedure is used to verify the certificate.
  • a certificate revocation list supplied from memory 26 may optionally be used in verifying the certificate.
  • Functional element 34 represents a comparison and verification of the timestamp or time-varying value received from the server 40 to verify that it is proper.
  • the smart card or client has a clock
  • a simple comparison (allowing for small time differences) of the time at clock 8 with the time of the received timestamp suffices to verify a received timestamp.
  • the smart card does not include a clock
  • the stored time of a last received valid timestamp can be compared with the time of the currently received timestamp to verify that the currently received timestamp is later in time. Any time-varying value may be received and processed to verify that it is of recent origin or in a proper time sequence.
  • Symbol 35 is a representation that permits further processing, i.e. the generation of the secret session key, when both the received certificate and the time-varying value have been verified (indicated by YES outputs of elements 33 and 34 ).
  • Elements 36 , 37 and 38 illustrate the functional processes performed by the client 20 to generate messages 12 and 13 .
  • Message 12 is generated by concatenating the session key 22 and the time-varying value from facility 23 at element 36 and performing a public key encryption on the combination in public key operation 37 with the public key of server 40 retrieved from read and store element 30 or key storage unit 25 .
  • Message 13 is generated by performing an encryption at element 38 on the certificate 21 with the session key 22 .
  • the functional elements and blocks of client 20 define operational steps performed by a processor, e.g., processor 2 of FIG. 1 .
  • the functional elements and blocks of server 40 illustrate operational steps performed by the server's processor 60 .
  • Server 40 of FIG. 5 includes a certificate (CERT-S) 41 provided by the trusted certification authority, a facility for generating time-varying values (TS) 42 , the private key of the server (PRIV SERV ) 43 and the public key of the trusted certification authority (PUB TCA ) 44 .
  • Certificate 41 is a certificate for the server's 40 public key, and contains a message which includes the server's public key and that identifies the server as a valid and authorized holder of the public key.
  • Facility 42 may be provided by a clock.
  • the key 43 is the server's private key of the public key/private key pair used in standard public key cryptography.
  • Key 44 is the public key of the trusted certification authority.
  • CRL 45 is an optional element that stores certificate revocation lists for both server's and client's certificates.
  • the server CRL is for forwarding to a client during the herein described protocol or ancillary to the protocol.
  • the client CRL would serve, for example, as a list of revoked smart cards, i.e., cards that have been lost, stolen, destroyed or that have expired.
  • the server's certificate and private key, the public key of the certification authority and the CRL are stored in memories of the server. These memories are accessed by a processor of the server in accordance with an operating procedure for executing the authentication protocol.
  • Elements 17 and 18 illustrate the functional process for generating message 11 .
  • the time-varying value from facility 42 is signed with the private key 43 of the server 40 in private key operation 17 .
  • the signed time-varying value is then concatenated with the certificate 41 in the concatenate operation 18 to thereby form message 11 .
  • Blocks and elements 51 through 56 represent functional processes of the protocol performed by the server 40 .
  • Functional element 51 performs a private key operation with the private key 43 on the received message 12 .
  • a comparison at 52 provides verification of the time-varying value received from the client 20 . This may be done by comparing a timestamp received with the current timestamp of a clock from facility 42 , or by storing a time-varying value sent to the client and comparing the stored time-varying value with the time-varying value returned by the client to see that they are in correspondence.
  • Gate symbol 53 represents the permissive continuation of the processing upon the verification of the receipt of a proper time-varying value.
  • Functional element 54 performs a decryption of the message 13 using a key 22 received from the client 20 .
  • Functional element 55 performs a public key operation on the certificate with the public key 44 of the trusted certification authority.
  • Block 56 provides for the verification of the certificate with or without the CRL of clients in a manner well understood by those skilled in the art.
  • the client 20 may have to gain the trust of the server 40 before it will reveal its certificate 21 . This protects against revealing the certificate to unauthorized third parties who could then use the certificate to impersonate client 20 . Client 20 gains the trust of the server 40 through a public key protocol.
  • client 20 may gain its trust, upon a request for access the server 40 reveals its certificate 41 by combining the certificate 41 with the signed time-varying value from facility 42 to form message 11 CERT-S {TS}PRIV SERV .
  • Client 20 receives the message 11 sent over the communications channel 15 , verifies the signature on the certificate with the trusted certification authority's public key 24 in public key operation 32 and verification process 33 , and processes the certificate in operation 30 to read and store the public key of the server.
  • Client 20 then uses the public key of the server in public key operation 31 to obtain the time-varying value.
  • the public key of server 40 alternatively may be retrieved from public key storage unit 25 where used.
  • the client 20 may check the values of one or more fields of the certificate 41 to determine whether the server 40 is authorized for transactions with the client 20 . It is presumed that the trusted certification authority of interest issues authorized certificates only to trusted servers, so the pair of signature verifications is sufficient for the client 20 to gain trust in the server 40 .
  • client 20 verifies the time-varying value from 42 and the certificate 41 of server 40 , trust of the server 40 is established. Thereafter, client 20 generates a random secret session key (KSS) at 22 , combines this key with its time-varying value (TS) generated by a clock at 23 , or where no clock is present replicates the time-varying value received from the server, to form a message and encrypts the message with the public key (PUB SERV ) of server 40 obtained from storage at element 30 or 25 to form the encrypted message 12 .
  • KSS random secret session key
  • TS time-varying value
  • PUB SERV public key
  • the encrypted message 12 {KSS
  • a checking of the time-varying value TS demonstrates to the server 40 that a client is active in the transaction, not an impersonator replaying a recorded message.
  • Client 20 then encrypts its certificate 21 using the secret session key to produce encrypted message 13 , {CERT-C}KSS, and sends it to server 40 .
  • Messages 12 and 13 may be combined as one message {KSS
  • Server 40 receives the encrypted message 13 and decrypts it in decryption operation 54 to gain the client's 20 certificate 21 .
  • Certificate 21 is processed in public key operation 55 with the trusted certification authority's public key stored at 44 . After verification at 56 , with or without the optional CRL in unit 45 , the authenticity of client 20 is accepted by server 40 and the transaction can be undertaken.
  • the client and the server need to account for variations in their clocks when checking that the timestamp received is current.
  • One procedure is to determine the difference between the two clock timestamps, for example, the client determines the difference between the received timestamp and its own clock generated timestamp, and compares that difference to a pre-set reference value to see that it is less than the reference value.
  • Other techniques known to those skilled in the art may be used to account for the clock variations. See, for example, Weiss, U.S. Pat. No. 4,885,778, entitled “Method and Apparatus for Synchronizing Generation of Separate Free Running, Time Dependent Equipment,” which describes a technique for synchronizing client and server clocks in an authorization protocol.
  • a challenge may be used.
  • a challenge may comprise any time-varying message that can be processed and verified.
  • the client may also store a CRL of servers. Either as a part of the authentication protocol or subsequent thereto, the server and the client may exchange lists of revoked certificates.
  • message 11 consists of the public key certificate 41 of server 40 .
  • client 20 does not have or need to have prior possession of the server's public key.
  • Possession of the server's public key is acquired by the client receiving and reading the public key certificate 41 .
  • the signature on the certificate is verified with the Trusted Certification Authority's public key 24 and the certificate is verified by conventional verification procedures as discussed in the description of FIG. 5 .
  • This public key of the server is then used in public key operation 37 .
  • the time-varying value is generated locally at facility 23 . As seen from FIG.
  • the message 11 consists of certificate 41 and a time-varying value TS.
  • the time-varying value TS is needed where a client 20 does not have a facility for generating its own time-varying value.
  • server 40 forms message 11 by concatenating at element 18 the certificate 41 with the time-varying value from facility 42 .
  • client 20 verifies via 24 , 32 and 33 the signature on the certificate, optionally via 26 the revocation status of the certificate and at functional element 39 , reads and stores the server's public key and the time-varying value sent by the server.
  • the time-varying value is processed and replicated or modified for use in forming message 12 .
  • This embodiment is advantageous since its implementation requires few structural components and computational operations.
  • the client simply obtains the value TS and public key of the server needed for generating message 12 from the server.
  • the server then processes the messages received as in the previously described embodiments.
  • Public key storage element 25 is optional.
  • FIG. 7 shows, in part, a protocol that does not use a session key.
  • the client 20 concatenates at 36 a time-varying value produced as in any of the previously described embodiments, and encrypts at 37 the result with the server's public key obtained as in any of the previously described embodiments.
  • Server 40 decrypts the message at 51 with its private key, verifies at 52 the time-varying value, and processes the client's certificate as hereinbefore described to authenticate it.
  • a smart card using this protocol may only comprise a processor, a memory storing the certificate for the card and the public key of servers and a facility for providing a time-varying value.
  • the smart card may then engage in a non-interactive protocol with a server for the purpose of establishing its authenticity to a server.
  • the server in a communication to the client provides a time-varying value and its public key certificate as in FIG. 4B, and the smart card processor processes the receipt of same to produce a time-varying value and the public key of the server.
  • FIGS. 4A and 4C and FIG. 5 may also be modified to have no session key.
  • the client can encrypt only the signature on the certificate, transmitting the rest of the certificate unencrypted. Since a certificate is not valid without a signature, an opponent who obtains only the non-signature part of the certificate will not be able to impersonate the client.
  • the client can encrypt any data essential to the verification of the certificate.
  • the signature is one example; another example is a part of the signature, large enough so that the opponent cannot guess it.
  • a third example is a secret certificate serial number assigned by the certification authority.
  • the most efficient approach, in terms of communication requirements, is to encrypt something that is already required by the server, rather than something new. Since the signature is already required, it is a natural choice, though other parts of the certificate may be appropriate as well.
  • FIG. 8 illustrates in part a variation of the embodiment of FIG. 5 wherein only a portion of the certificate 21 is encrypted and transmitted to the server 40 with the remainder of the certificate (REST-C) being transmitted in unencrypted form.
  • the certificate 21 can be split at 81 so that any data in the certificate which is essential to the verification of the certificate is split and subsequently encrypted by secret session key (KSS) at 38 .
  • KSS secret session key
  • the remainder of the certificate (REST-C) is transmitted unencrypted to the server 40 .
  • Upon receipt of the transmitted encrypted and nonencrypted portions of the certificate, the server 40 decrypts the former at 54 and joins the latter at element 82 so as to obtain the client's certificate 21 . Thereafter, as illustrated in FIG. 5, the certificate is processed in public key operation 55 with subsequent verification at 56 .
  • the encrypted portion (X-C) of the client's certificate may be any portion which is sensitive or essential to the verification of the certificate such as the signature or a portion of the signature.
  • FIG. 10 illustrates a variation of FIG. 7 wherein only an essential portion of the client's certificate 21 is encrypted with the remainder of the certificate being transmitted unencrypted. More specifically, the certificate 21 is split at 81 to form an essential portion (X-C) which is concatenated and encrypted at 36 and 37 , respectively, for transmission to the server 40 . Meanwhile, the rest of the certificate (REST-C) is transmitted to the server in unencrypted form for joining at 82 with the essential portion of the certificate as decrypted at 51 and 52 to thus provide the server with the client's certificate.
  • X-C essential portion
  • REST-C rest of the certificate
  • hash-tree of secret values whose root is included in the certificate, where a path through the tree is encrypted and transmitted to the server.
  • the hash-tree variation provides greater protection against misuse by the server, since different paths could be associated with different servers.
  • the path is encrypted.
  • the root is included in the certificate and a digital signature, which need not be encrypted, is formed with the tree. See, for example, Merkle, U.S. Pat. No. 4,309,569, entitled “Method of Providing Digital Signatures.”
  • the storage requirement for the latter approach is quite large and may be impractical in a smart card or similar processor.
  • a hash tree consists of a root and one or more children, where if there is more than one child, each child must be a hash tree, and if there is only one child, the child is a leaf.
  • a leaf has no children.
  • a hash tree thus consists of many leaves, connected to the root through intermediate nodes. Each leaf has a predetermined value.
  • the value of a hash tree is the hash of the values of its children and the value of a hash tree is thus computed recursively.
  • the server 40 can easily recover the certificate sent by client 20 but no third party can because only client 20 and server 40 know the secret session key and/or only the server knows its private key.
  • the server 40 is convinced that the client 20 is authentic and active in the transaction. Client 20 is assured that its certificate is seen only by server 40 . While server 40 has enough information after a transaction to impersonate client 20 , server 40 is of such integrity as to be trusted not to reveal the client's certificate to any third party or to impersonate client 20 .
  • Trust of server 40 is a realistic consideration since servers are currently trusted to not reveal passwords or other data belonging to a client.
  • the server card reader
  • PIN personal identification number
  • RSA RSA ENCRYPTION STANDARD
  • ISO/IEC International Standard 9796: Information Technology, Security Techniques: Digital Signature Scheme Giving Message Recovery
  • the client and server certificates may be signed by the same trusted certification authority or different trusted certification authorities.
  • the client and server, in either case, each need to have in their possession the public key of the trusted certification authority that signed the received certificate in order to verify it.
  • the same server public key was used for encryption and verification.
  • the public key of the server 40 for encryption may be different than the public key for verifying signatures.
  • elements 31 and 37 could employ different public keys by storing two different public keys associated with the same server; one of which would be for verifying the server signatures at 31 and the other for encrypting data at 37 to be sent to the server.
  • the certificate of the server could contain two separate keys along with identification as to their purposes.
  • element 43 of FIG. 5, for example would provide appropriately different private keys to elements 17 and 51 .
  • the client's certificate may be generated once by the certification authority and stored in the client's memory 21 or it may be a certificate generated by a certification authority whenever the client is authenticated to the certification authority, e.g. as part of a daily log-in procedure.
  • the authentication operation could be carried out by techniques described herein or by other authentication techniques.
  • the new certificate could also contain the time at which authentication occurred and could expire later at some set time. Thus, the exposure time of the certificate would be limited if it is obtained by an opponent.
  • the new certificate could also specify the types of operations for which the client is currently authenticated. Under such circumstances, the client would present the new certificate to the server to authenticate itself to the server, and the server would check that the certificate has not expired and that the client is authorized for a particular type of operation.
  • a certificate can be easily authenticated since it carries the digital signature of a certification authority.
  • An account number cannot be easily authenticated because checking is done through accessing an on-line database. Therefore, in a financial application the certificate has clear benefits over an account number or an account number in combination with a PIN verification procedure.
  • the account number contains check digits, they can usually be constructed by any third party with a public algorithm. Thus a third party can easily forge account numbers. For this reason, a database check is essential. Moreover, if the check digits are computed based on a secret key stored in the server, the same secret key must be stored in all servers. Therefore, an opponent who compromises one server can forge account numbers. This is another reason for the practice of having a central database perform the check. With certificates, the server stores only the trusted certification authority's public key, not the private key. Thus an opponent that compromises a server may obtain access to certificates known to that server, but does not gain the ability to form new ones.
  • the system as illustrated in FIG. 12 is more fundamental and has a more general protocol whereby a user is enabled to confidentially deliver a credential authorizing the user to perform an operation.
  • the terms “user”, “credential” and “verifier” are used rather than “client”, “certificate” and “server”, respectively, so as to indicate the more general nature of the FIG. 12 exemplary embodiment.
  • the credential includes information essential to verify the credential which is transmitted to a verifier by way of an encrypted communications channel.
  • the user 60 may be an individual, a computer or some other entity.
  • the credential can be stored on a smart card or other device held by the user or may be held on the user's computer.
  • the encrypted communications channel 65 can be between the user's smart card and the verifier or the user's computer and the verifier.
  • the verifier can be a client, a server or some other entity on a computer network having a secure channel connected to the user whereby at least data essential for verifying the user's credential is transmitted to the verifier.
  • the credential held by the user would include a digital signature by a credential issuing authority, it is only necessary for the system illustrated in FIG. 12 to transmit some portion of the credential which would be necessary for verification of the credential to be transmitted to the verifier via the encrypted channel. That is to say, although the entire credential could be provided to the verifier via the encrypted channel, encryption could be limited to only portions essential for verification such as the digital signature on the credential, encryption of a secret value whose one way function value is stored in the credential or encryption of a path through a hash tree whose root is stored in the credential.
  • element 62 would select all of the data of credential 61 or at least an essential portion thereof for transmission via the encrypted communication channel 66 for verification at 71 as illustrated in FIG. 12 .
  • Other non-selected data would be transmitted through a non-encrypted channel and input to the verification step in a manner similar to that which is illustrated in FIGS. 8 through 10, for example.
  • FIG. 12 although it is possible for all data of the credential to be transmitted through an encrypted channel, the primary focus of FIG. 12 is that only data essential for verification need be transmitted through the encrypted channel. Additionally, it is important to note that the operation as illustrated in FIG. 12 does not depend on operations with keys belonging to the user such as a digital signature by the user. Such keys, however, can be included in the credential, but verification operations do not depend thereon.
  • the credential can be verified by verifying the digital signature with the public key of the credential issuing authority and/or by performing other operations previously disclosed such as comparing the computed one way function of a transmitted secret value to the computed one way function of the secret value included in the credential or by checking the path through a hash tree.
  • the channel may comprise encryption with a secret key which is shared by both the user and the verifier, by the user's computer and the verifier or by encryption with the verifier's public key in a manner similar to that illustrated in the embodiment of FIG. 7 .
  • the secret key may be established by any of a number of techniques including the use of a third party key server, the user or the user's computer generating a random secret key and encrypting it with the verifier's public key and sending it to the verifier as in previously disclosed embodiments.
  • a time stamp or other non-repeating values may be included in the process of establishing the key as in previous embodiments or by encrypting the data necessary to verify the credential or both.
  • a certificate for the verifier's public key may be verified first by the user or its computer.
  • the verifier of FIG. 12 is trusted not to reveal or misuse the user's credential. Moreover, since the data necessary to verify the credential is encrypted, the user is protected from opponents who cannot compromise the verifier's security. Moreover, since the credential includes a digital signature, the system is protected from opponents who can compromise the verifier's security since they can only reuse existing credentials and cannot generate new ones.
  • the user's credential can be obtained as a one-time value resulting from a successful log-in operation or can be obtained at some other interval. That is to say, the credential may authorize the user to perform certain operations and can also have further restrictions, such as limited time periods or limitations as to a list of authorized verifiers or servers.
  • the system as illustrated in FIG. 12, for example, provides the fundamental features of allowing a user to confidentially deliver to a verifier information which is essential for verifying a credential assigned by a certification authority which authorizes the user to conduct some transaction wherein the credential may or may not involve the use of a one way function but always contains the digital signature of the credential issuer.
  • FIG. 12 merely illustrates the functional elements and blocks of a more fundamental system involving confidential delivery to a verifier of information essential for verifying whether a user is authorized to perform an operation
  • various features of the previously disclosed embodiments may also be included in the FIG. 12 embodiment.
  • encryption on the encrypted communication channel 66 may be obtained with a shared secret key pre-installed with the user and verifier or established by encryption with the verifier's public key.
  • other well known techniques for establishing a secret key by agreement can be used such as through the use of a Diffie-Hellman algorithm.
  • 4A through 7 may be obtained through the use of the verifier's public key or the use of a non-repeating value such as a time stamp.
  • the entire credential may be encrypted or only essential data of the credential may be encrypted with the remainder of the credential being transmitted unencrypted in the manners illustrated in FIGS. 8 through 10, for example.
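
The exchange of messages 11, 12 and 13 described above, with the processing on both sides, as an added example that is not code from the patent. Textbook RSA over fixed Mersenne primes and a SHA-256 keystream stand in for the public-key and session ciphers and are not secure; the function names, the `CERT|role|...` body layout, the `SKEW` value and the sample account data are assumptions constructed for the illustration.

```python
import hashlib
import os

E = 65537      # public exponent for every toy key
SKEW = 120     # assumed reference value (seconds) for tolerated clock difference

def toy_keypair(a, b):
    """Textbook RSA from the Mersenne primes 2^a-1 and 2^b-1. Insecure stand-in."""
    p, q = 2**a - 1, 2**b - 1
    return (p * q, E), (p * q, pow(E, -1, (p - 1) * (q - 1)))

def rsa_apply(key, data):
    """Raw RSA on 0x01||data: signs with a private key, encrypts with a public one."""
    n, exp = key
    m = int.from_bytes(b"\x01" + data, "big")
    if m >= n:
        raise ValueError("block too long for modulus")
    return pow(m, exp, n).to_bytes((n.bit_length() + 7) // 8, "big")

def rsa_recover(key, block):
    """Inverse of rsa_apply: recovers a signed message or decrypts a ciphertext."""
    n, exp = key
    m = pow(int.from_bytes(block, "big"), exp, n)
    raw = m.to_bytes((m.bit_length() + 7) // 8, "big")
    if raw[:1] != b"\x01":
        raise ValueError("malformed block")
    return raw[1:]

def kss_crypt(kss, data):
    """XOR with a SHA-256 counter keystream (stand-in cipher; encrypts and decrypts)."""
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(hashlib.sha256(kss + i.to_bytes(4, "big")).digest() for i in blocks)
    return bytes(x ^ y for x, y in zip(data, stream))

def read_cert(ca_pub, cert, role):
    """Recover the certificate body with PUB_TCA and check its structure."""
    fields = rsa_recover(ca_pub, cert).split(b"|")
    if fields[:2] != [b"CERT", role]:
        raise ValueError("not a valid %s certificate" % role.decode())
    return fields[2:]

class Server:
    def __init__(self, ca_pub, ca_priv):
        # ca_priv is used only to issue CERT-S here; a real server never holds it.
        self.ca_pub = ca_pub
        self.pub, self.priv = toy_keypair(127, 521)
        self.cert = rsa_apply(ca_priv, b"CERT|server|terminal-1|%x" % self.pub[0])

    def message11(self, now):
        """CERT-S plus the time-varying value signed with PRIV_SERV (elements 17, 18)."""
        return self.cert, rsa_apply(self.priv, now.to_bytes(8, "big"))

    def accept(self, msg12, msg13, now):
        """Process messages 12 and 13; returns the client's certified data."""
        block = rsa_recover(self.priv, msg12)                       # element 51
        kss, ts = block[:16], int.from_bytes(block[16:], "big")
        if abs(now - ts) > SKEW:                                    # element 52
            raise ValueError("stale time-varying value")
        cert_c = kss_crypt(kss, msg13)                              # element 54
        return read_cert(self.ca_pub, cert_c, b"client")[0]         # elements 55, 56

def client_respond(msg11, ca_pub, cert_c, clock=None, last_ts=0):
    """Client side: verify the server, then build messages 12 and 13.
    The client performs only public-key operations and forms no signature."""
    cert_s, signed_ts = msg11
    name, n_hex = read_cert(ca_pub, cert_s, b"server")              # elements 32, 33
    pub_serv = (int(n_hex, 16), E)                                  # element 30
    ts = int.from_bytes(rsa_recover(pub_serv, signed_ts), "big")    # element 31
    if clock is not None:
        fresh = abs(clock - ts) <= SKEW       # card with a clock: compare times
    else:
        fresh = ts > last_ts                  # clockless card: must be later than last
    if not fresh:                                                   # element 34
        raise ValueError("stale time-varying value")
    kss = os.urandom(16)                                            # key generator 22
    reply_ts = clock if clock is not None else ts   # no clock: replicate server's TS
    msg12 = rsa_apply(pub_serv, kss + reply_ts.to_bytes(8, "big"))  # elements 36, 37
    msg13 = kss_crypt(kss, cert_c)                                  # element 38
    return msg12, msg13

def setup():
    """Constructed CA, server and client certificate for the demonstration."""
    ca_pub, ca_priv = toy_keypair(1279, 2203)
    cert_c = rsa_apply(ca_priv, b"CERT|client|acct=0000-1111;exp=2001-12")
    return ca_pub, Server(ca_pub, ca_priv), cert_c

if __name__ == "__main__":
    ca_pub, server, cert_c = setup()
    t0 = 1_000_000_000                       # constructed server time
    m12, m13 = client_respond(server.message11(t0), ca_pub, cert_c)
    print(server.accept(m12, m13, t0 + 5))
```

A replay inside the `SKEW` window still passes the clock comparison in `accept`; comparing against a stored copy of the value the server sent, the alternative the text gives for comparison 52, removes that window.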

Abstract

A protocol for establishing the authenticity of a client to a server in an electronic transaction by encrypting a certificate with a key known only to the client and the server. The trust of the server, if necessary, can be established by a public key protocol. The client generates and sends over a communications channel a message containing at least a part of a certificate encrypted with the server's public key or a secret session key. The server receives and processes the message to recover at least part of the certificate, verifies and accepts it as proof of the client's authenticity.

Description

RELATED APPLICATIONS
This application is a continuation of U.S. patent application Ser. No. 08/845,196, filed on Apr. 21, 1997 now U.S. Pat. No. 6,085,320, which is a Continuation-in-Part of application Ser. No. 08/648,442, filed on May 15, 1996, now abandoned, the contents of which are incorporated herein by reference.
The invention relates to a protocol for one party to an electronic transaction, as for example a client in a client-server transaction, to prove its authenticity to the other party of the transaction.
BACKGROUND OF THE INVENTION
Client-server systems provide electronic access by the client to data, information, accounts and other material stored at the server. In financial transactions, the system provides a client electronic access to accounts and financial resources.
In a client-server transaction, the client is required to prove to the server that it is an authentic client, and not some impersonator or other unauthorized party. Protocols are known by which a client proves to a server its authenticity, while at the same time it does not reveal information that could be misused by a third party.
A standard well known protocol for proving authenticity involves public-key cryptography. The client establishes a public key/private key pair and provides the public key to the server. In a transaction, to prove its authenticity to the server, the client forms a digital signature with its private key on a time-varying message, and the server verifies the digital signature with the client's public key. The time-varying message, which may be a timestamp or a challenge supplied by the server, is different in each instance. This message, when checked by the server, provides safeguards against a third party impersonating the client by simply replaying copies of previous signatures of the client that the third party has intercepted or otherwise acquired.
In the standard protocol described above, the server trusts that the public key belongs to the client, i.e., that the client is in fact actively involved in the transaction because it is presumed that only the client knows the private key and can form valid digital signatures. A convenient way to establish trust in a public key is to use a certificate. This is accomplished by a certification authority issuing public-key certificates signed with the certification authority's private key, which thereby asserts to the server that the client's public key is a valid public key issued by or registered with the certification authority. Assuming the server trusts the certification authority's public key, then it trusts the client's certificate, the client's public key and ultimately the client's authenticity.
With typical public-key cryptosystems, it is computationally expensive to form digital signatures because of the need to perform an exponentiation operation. In some electronic transactions, for example, those involving a smart card client where the computational capacity is limited, the standard protocol using a digital signature is computationally expensive and is therefore a significant burden.
Beller and Yacobi, in an article entitled “Fully-Fledged Two-Way Public Key Authentication and Key Agreement for Low-Cost Terminals” ELECTRONICS LETTERS, May 27, 1993, Vol. 29, No. 11, at pages 999-1000, describe a protocol that provides for less on-line computation on one side of the protocol. In this protocol authentication of the server by the client is carried out by the server sending a random challenge with an expected “colour”, structure or format, to the client for verification by the client. Authentication of the client by the server is achieved by the client sending to the server its identity, public key, certificate and a signature on the random challenge for verification of the certificate and the signature by the server. The protocol is described as being useful where one side of the interaction is a low-cost customer device such as portable telephones, home banking terminals, smart cards and notebook computers.
Other protocols are known for establishing the authenticity of a client to a server. Client authentication protocols such as those based on secret-key cryptography exist, but often have the limitation that the server must be on-line, or the server must store a key which can be used to impersonate arbitrary clients. In Cellular Digital Packet Data systems, a client authenticates itself to a server by sending a one time password encrypted with a Diffie-Hellman shared key, and the server returns a new password for the next session. Again, the server must be on-line or the client must share a different password with each server, which can be inconvenient.
BRIEF DESCRIPTION OF THE INVENTION
A protocol that is less computationally expensive for a client but achieves similar goals as the standard protocol is used to develop a server's trust in the client. In this protocol, a certificate provided by a trusted certification authority to the client is encrypted with a key known only to the client and the server or the public key of the server. The client forms no digital signature. Since only the client and the server it trusts have access to the certificate, the certificate itself is proof of the authenticity of the client. This protocol is particularly useful in client devices having small computational capacity, e.g., a smart card.
Additional interactive protocols are disclosed whereby messages are exchanged between client and server to establish authenticity of both the client and the server as well as protocols wherein only a portion of the client's certificate is encrypted. Moreover, the certificate can include a one way function, such as a cryptographic hash function of a secret value or a root of a hash tree of secret values for protection against the certification authority or unauthorized servers, respectively.
A still further more general protocol involves a user, which may be an individual, a computer or some other entity, connected to a verifier by way of an encrypted communications channel such that the user can confidentially deliver to the verifier information essential to verify the message.
DESCRIPTION OF THE DRAWINGS
FIG. 1 schematically illustrates the components of a smart card;
FIG. 2 illustrates the components of a server;
FIG. 3A is a flow diagram showing the procedure for generating messages by a client to prove its authenticity to a server;
FIG. 3B is a flow diagram showing the processing at the server of messages sent by a client to authenticate the client;
FIG. 4A is a flow diagram illustrating an interactive embodiment of the invention where the server sends a copy of its certificate to a client;
FIG. 4B is a flow diagram illustrating an interactive embodiment of the invention where the server sends a copy of its certificate and a time-varying value to the client;
FIG. 4C is a flow diagram illustrating an interactive embodiment of the invention where the server sends a time-varying value to the client;
FIG. 5 is a flow diagram illustrating an interactive embodiment of the invention where a client is sent a message signed by the server;
FIG. 6 is a partial flow diagram illustrating a variation in the messages generated by the client;
FIG. 7 is a partial flow diagram illustrating a version of the invention where a client's certificate is sent directly to a server;
FIG. 8 is a partial flow diagram of FIG. 5 modified so that only part of the client's certificate is encrypted;
FIG. 9 is a partial flow diagram of FIG. 6 modified so that only part of the client's certificate is encrypted;
FIG. 10 is a partial flow diagram of FIG. 7 modified so that only part of the client's certificate is encrypted;
FIG. 11 is an illustration of a hash tree which may be used to prevent misuse by a server; and
FIG. 12 illustrates a still further flow diagram of essential elements of a system having a more general protocol but which may have features of other embodiments disclosed herein added thereto.
DESCRIPTION OF THE PREFERRED EMBODIMENTS
The specific description of the invention is set forth in the environment of a smart card client. However, the invention is not limited to a smart card client since the disclosed protocols are applicable to client/server systems in general, and in particular clients having low computational capacity such as portable telephones, notebook computers and home banking terminals. In an even more general manner the disclosed exemplary embodiments as described later can involve a user, which can be an individual, a computer or some other entity, which is connected to a verifier, which can be a client, a server or some other entity, via an encrypted communications channel whereby the user can confidentially deliver to the verifier information essential to verify the message.
A smart card includes a microchip containing a processor and memories to hold programs and data. FIG. 1 illustrates a smart card 1 comprising a processor 2, an erasable programmable read only memory (EPROM) 3, programmable read only memory (PROM) 4, random access memory (RAM) 5, input/output (I/O) port 6, number generator 7, clock 8 and power source 9. PROM 4 holds the card operating system and RAM 5 holds temporary results of calculations. EPROM 3 holds the certificate for the card. This certificate for the card, unlike the usual public key certificate, need not include the public key of the client since authentication of the client by the server does not rely on the public key of the client. A cache of public keys of one or more servers may also be stored in PROM 4 or EPROM 3. Number generator 7 provides random seed numbers to the processor for generating secret session keys. Clock 8, conventional and well known in the art, is used for generating a timestamp and for verifying a received timestamp. Clock 8 is optional where the server's timestamp or time-varying value is used by the client to provide a time-varying value or where a challenge procedure is followed. Power source 9 is a battery when a card has a clock. Otherwise, power may be supplied by an external source or a server. I/O terminals 6 provide a means for external communications.
The public key of a trusted certification authority may be stored in PROM 4 or EPROM 3. PROM 4, or the RAM 5 if non-volatile, may have a section for storing certificate revocation lists (CRLs). Such a list would include a list of servers whose certificates have expired or been revoked. This list would be provided by signed and dated messages from the trusted certification authority either directly or indirectly while in a communicating relationship with a server. Reference to the list during the initial stages of the protocol will indicate whether the transaction being initiated is with a valid server or with one holding a revoked certificate, and thereby whether a received server's certificate is to be verified.
The card manufacturer initializes the smart card using conventional techniques. PROM 4 is loaded with an operating program to be executed by processor 2, clock 8 is set (or an initial time-varying value, e.g., a sequence number or a timestamp is set in one of the memories when a clock is not used) and the certificate associated with the card and the trusted certification authority's public key are loaded into the memories. Optionally, server public keys and CRLs are also loaded into the memories.
A server 40 as illustrated in FIG. 2 includes a processor 60, a facility for generating a time-varying value or timestamp 42, input/output port 63, and a memory 61 for holding the operating program for the processor, the private key PRIVSERV associated with the server's public key PUBSERV and the public key PUBTCA of the trusted certification authority that signed the client's certificate. In addition, memory 61 may hold a certificate revocation list (CRL) and a certificate (CERT-S) for its public key. The facility for generating a time-varying value 42 may comprise a clock for generating a timestamp or other means for generating a time-varying value. The I/O port 63 provides an interface between the processor of the server and external entities.
FIG. 3A illustrates the processing by a client for generating and sending messages to a server for use by the server to prove the client's authenticity. A client at 101 generates or provides a time-varying value (TS). This may be a timestamp or other value which changes with time. The client also generates a random secret session key (KSS) at 102 employing a number generator or other means to provide a random seed number. At step 103, the time-varying value TS and the secret session key KSS are concatenated and at 104 the result is encrypted with the server's public key PUBSERV which has been retrieved from memory 4 or 5. The encrypted message {KSS|TS}PUBSERV is sent to the server at 107. The client's certificate (CERT-C) is retrieved from memory, EPROM 3, at 105, encrypted with the secret session key KSS at 106 to form message {CERT-C}KSS which is sent to the server at 108. The sending operations 107 and 108 may be combined into one operation.
FIG. 3B illustrates the processing at a server 40 of messages received from a client via I/O port 63 for the purpose of ensuring the authenticity of the client. Initially, the server decrypts at 201 the message {KSS|TS}PUBSERV using its private key PRIVSERV recovered from memory 61. At 202 the received time-varying value TS is compared with a reference value obtained from the server's facility for generating a time-varying value 42. Where the values do not compare an error signal is generated at 207 and the process is terminated. Where the time-varying values compare, the processing continues at 203 with recovery of the secret session key KSS and at 204 by decrypting of the message {CERT-C}KSS using the secret session key. This provides the server with the client's certificate (CERT-C) which is then at 205 subjected to a public key operation using the trusted certification authority's public key PUBTCA retrieved from memory 61. At 206 a verification of the certificate (CERT-C) is performed with the subsequent generation at 208 of an error signal where the certificate cannot be verified or the generating of an authentic signal at 209 where the certificate is found to be authentic. The verification procedure at 206 may include the use of the CRL stored in memory 61.
One embodiment of the invention is a non-interactive version where the protocol requires only the sending of messages over a communications channel by a client to the server with which it is seeking to execute a transaction. In other interactive embodiments (FIGS. 4A, 4B and 4C), a message, designated 11 in the drawing figures, containing information needed by the client to produce authenticating messages for the server, e.g., the public key of the server and/or a time-varying value provided by the server, is sent by the server to the client. In a further interactive embodiment (FIG. 5), the client has need of assurance of the server's presence in the transaction and therefore requires a message signed by the server. FIG. 6 represents a modification of the embodiments of the invention due to the message generated by the client having the time-varying value combined with the certificate of the client. FIG. 7 shows a version of the invention where a session key is not used. Moreover, FIGS. 8 to 10 illustrate modifications to the embodiments of FIGS. 5 to 7 wherein only a part of the client's certificate is encrypted. Additionally, FIG. 12 illustrates a fundamental protocol whereby a user can confidentially deliver to a verifier information which is essential to verify a message signed by a credential issuing authority, but which may be modified to include one or more features of other disclosed embodiments.
In the non-interactive embodiment, there is no message 11 sent from server 40 to a client in the authentication protocol. The protocol is essentially as shown in FIGS. 3A and 3B with a client configuration as in FIG. 1 and a server configuration as in FIG. 2. The client upon gaining access to a server 40 obtains the server's public key from a local storage, generates a random secret session key KSS (102), concatenates (103) it with an internally generated time-varying value, encrypts (104) the result with the server's public key and sends the result to server 40 (107). The client concurrently or subsequently retrieves its certificate (CERT-C) from storage (105) encrypts (106) the certificate with the secret session key and sends the result to server 40 (108). In the non-interactive embodiment, there is no signing by the server or even the generation and sending of a message by the server. The client's confidence in the server is assured by the use of the server's public key, since only the server can decrypt a message encrypted with its public key. The authenticity of the client is established to the satisfaction of the server by its receipt and verification of the time-varying value and the client's certificate by processing the received messages in accordance with the procedure shown in FIG. 3B.
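The non-interactive exchange of FIGS. 3A and 3B can be traced end to end in code. The following Python example is an added illustration, not part of the patent text: the textbook RSA over fixed Mersenne primes, the SHA-256 keystream standing in for the secret-key cipher, the certificate layout, the skew limit and all function names are assumptions chosen so that it runs offline with the standard library.

```python
import hashlib
import secrets
import time

E = 65537  # public exponent used by both demo key pairs

def demo_rsa_key(a, b):
    """Return (n, d) for textbook RSA over the Mersenne primes 2**a-1 and 2**b-1.
    Constructed, deterministic demo keys; real keys need random primes and padding."""
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))

SERV_N, SERV_D = demo_rsa_key(521, 607)    # PUBSERV = (SERV_N, E), PRIVSERV = SERV_D
TCA_N, TCA_D = demo_rsa_key(1279, 2203)    # PUBTCA = (TCA_N, E), TCA_D = CA signing key
SIG_LEN = (TCA_N.bit_length() + 7) // 8
KSS_LEN, TS_LEN = 16, 8

def xor_stream(key, data):
    """Stand-in secret-key cipher (assumption): XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + (i // 32).to_bytes(8, "big")).digest()
        out += bytes(x ^ y for x, y in zip(data[i:i + 32], pad))
    return bytes(out)

def digest_int(body):
    return int.from_bytes(hashlib.sha256(body).digest(), "big")

def issue_cert(body):
    """The trusted certification authority signs an arbitrary client message.
    Layout (assumption): 2-byte body length | body | signature."""
    sig = pow(digest_int(body), TCA_D, TCA_N)
    return len(body).to_bytes(2, "big") + body + sig.to_bytes(SIG_LEN, "big")

def client_messages(cert, now):
    """FIG. 3A: the client forms no signature, only two encryptions."""
    kss = secrets.token_bytes(KSS_LEN)                        # step 102
    block = kss + int(now).to_bytes(TS_LEN, "big")            # step 103: KSS|TS
    m_key = pow(int.from_bytes(block, "big"), E, SERV_N)      # step 104
    m_cert = xor_stream(kss, cert)                            # step 106
    return m_key, m_cert                                      # sent at 107 and 108

def server_authenticate(m_key, m_cert, now, max_skew=120, crl=frozenset()):
    """FIG. 3B. Returns ("authentic", body), ("error-207", None) or ("error-208", None)."""
    m = pow(m_key, SERV_D, SERV_N)                            # step 201
    if m >> (8 * (KSS_LEN + TS_LEN)):                         # not a KSS|TS block
        return "error-207", None
    block = m.to_bytes(KSS_LEN + TS_LEN, "big")
    kss, ts = block[:KSS_LEN], int.from_bytes(block[KSS_LEN:], "big")
    if abs(int(now) - ts) > max_skew:                         # step 202
        return "error-207", None
    cert = xor_stream(kss, m_cert)                            # steps 203 and 204
    if len(cert) < 2 + SIG_LEN:
        return "error-208", None
    blen = int.from_bytes(cert[:2], "big")
    if 2 + blen + SIG_LEN != len(cert):
        return "error-208", None
    body, sig = cert[2:2 + blen], int.from_bytes(cert[2 + blen:], "big")
    if pow(sig, E, TCA_N) != digest_int(body) or body in crl:  # steps 205 and 206
        return "error-208", None
    return "authentic", body                                  # step 209

if __name__ == "__main__":
    card_cert = issue_cert(b"acct=DEMO-0001;exp=2099-12")     # constructed sample
    now = int(time.time())
    k, c = client_messages(card_cert, now)
    print(server_authenticate(k, c, now))                     # fresh run
    print(server_authenticate(k, c, now + 3600))              # recorded pair, replayed late
```

In this example a recorded pair replayed inside max_skew is still accepted, because the certificate acts as a bearer credential and the server keeps no record of values already seen. Having the server compare against a time-varying value it issued itself, as in the interactive embodiments, removes that window.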
In the interactive embodiments of FIGS. 4A, 4B and 4C, message 11 consists of a certificate (CERT-S), a time-varying value, or a combination of a certificate (CERT-S) and a time-varying value. These informational items are provided to a client so that the client may properly form authenticating message 12. FIG. 5 shows an interactive embodiment where the server provides a signed message 11. Since FIG. 5 is the most comprehensive, it will be described first, and the embodiments of FIGS. 4A, 4B and 4C described primarily with respect to differentiating features caused by the differences in the content of message 11.
In FIG. 5, the parties to the electronic transaction are the client 20 and the server 40. Messages 11, 12 and 13 are generated and exchanged between the client 20 and the server 40 over a communications channel 15. Successful exchanges of the messages establish the trust of the client 20 in the server 40 and the authenticity of the client 20 to the server 40. Communications channel 15 may simply be electrical connections between a card reader and the terminal equipment at a server or may be in the form of a telephone or other communications link established between a client and a remote server, or other conventional communications medium.
Client 20 includes a certificate (CERT-C) 21 stored in EPROM 3, a key generator (KEY) 22, a facility for generating a time-varying value (TS) 23 which may include the clock 8, when used, and the public key (PUBTCA) 24 of the trusted certification authority which may be stored in EPROM 3 or PROM 4. Certificate 21 comprises a message provided and signed by the trusted certification authority with its private key in the standard manner. The message in this instance need not be the client's public key because this key is not involved in the protocol. Any message is sufficient and may be certain well structured information about the client, e.g., account number and expiration date of the account. The message may also indicate the types of transactions for which the client 20 is authorized and the period of time during which the certificate may be considered valid. The key generator 22 is comprised of any conventional means of generating an encryption key. It may comprise a subroutine in the processor and use a number supplied by a number generator 7. The facility 23 may comprise conventional clock 8 that provides a current date and time or may be one that operates on a received timestamp or time-varying value. Key 24, the public key of the trusted certification authority, is used to verify a certificate sent by the server and signed by the trusted certification authority.
Key storage unit 25 represents an optional memory or memory section for storage of keys of one or more frequently used servers. These are the public keys of servers and are made available to clients by the servers. Storing the public key of server 40 and other selected servers at the client avoids the need to process the certificate from a server to recover the key, or provides a source for the key where the certificate does not contain the public key or an easily recoverable copy of the public key of the server. CRL storage unit 26, also an optional memory or memory section, stores a list of certificates that have been revoked.
Elements 30 through 35 illustrate the functional processes of the protocol performed by the client to establish trust in the server. Public key operations are conventional well known processes in the art. Recovering the public key of the server from the server's certificate for the key and storing it in a memory, as illustrated in block 30, is a certificate processing within the skill of art.
Functional element 32 represents a public key operation performed with the trusted certification authority's public key 24 on the certificate portion of the message 11 received from the server 40. Functional element 31 represents a public key operation performed on the timestamp or other time-varying value received from a server with the server's public key obtained from processing the certificate at read and store element 30 or from key storage unit 25. At functional block 33 a standard verification procedure, as those skilled in the art appreciate, is used to verify the certificate. A certificate revocation list supplied from memory 26 may optionally be used in verifying the certificate.
Functional element 34 represents a comparison and verification of the timestamp or time-varying value received from the server 40 to verify that it is proper. Where the smart card or client has a clock, a simple comparison (allowing for small time differences) of the time at clock 8 with the time of the received timestamp suffices to verify a received timestamp. Where the smart card does not include a clock, the stored time of a last received valid timestamp can be compared with the time of the currently received timestamp to verify that the currently received timestamp is later in time. Any time-varying value may be received and processed to verify that it is of recent origin or in a proper time sequence.
Failure to verify the server's certificate or time-varying value (illustrated by the NO outputs of elements 33 and 34) results in an error and termination of the transaction. Symbol 35 is a representation that permits further processing, i.e. the generation of the secret session key, when both the received certificate and time-varying value have been verified (indicated by YES outputs of elements 33 and 34).
Elements 36, 37 and 38 illustrate the functional processes performed by the client 20 to generate messages 12 and 13. Message 12 is generated by concatenating the session key 22 and the time-varying value from facility 23 at element 36 and performing a public key encryption on the combination in public key operation 37 with the public key of server 40 retrieved from read and store element 30 or key storage unit 25. Message 13 is generated by performing an encryption at element 38 on the certificate 21 with the session key 22.
The functional elements and blocks of client 20 define operational steps performed by a processor, e.g., processor 2 of FIG. 1. Similarly, the functional elements and blocks of server 40 illustrate operational steps performed by the server's processor 60.
Server 40 of FIG. 5 includes a certificate (CERT-S) 41 provided by the trusted certification authority, a facility for generating time-varying values (TS) 42, the private key of the server (PRIVSERV) 43 and the public key of the trusted certification authority (PUBTCA) 44. Certificate 41 is a certificate for the server's 40 public key, and contains a message which includes the server's public key and that identifies the server as a valid and authorized holder of the public key. Facility 42 may be provided by a clock. The key 43 is the server's private key of the public key/private key pair used in standard public key cryptography. Key 44 is the public key of the trusted certification authority. CRL 45 is an optional element that stores certificate revocation lists for both server's and client's certificates. These lists are signed, dated messages received from the trusted certification authority. The server CRL is for forwarding to a client during the herein described protocol or ancillary to the protocol. The client CRL would serve, for example, as a list of revoked smart cards, i.e., cards that have been lost, stolen, destroyed or that have expired.
The server's certificate and private key, the public key of the certification authority and the CRL are stored in memories of the server. These memories are accessed by a processor of the server in accordance with an operating procedure for executing the authentication protocol.
Elements 17 and 18 illustrate the functional process for generating message 11. The time-varying value from facility 42 is signed with the private key 43 of the server 40 in private key operation 17. The signed time-varying value is then concatenated with the certificate 41 in the concatenate operation 18 to thereby form message 11.
Blocks and elements 51 through 56 represent functional processes of the protocol performed by the server 40. Functional element 51 performs a private key operation with the private key 43 on the received message 12. A comparison at 52 provides verification of the time-varying value received from the client 20. This may be done by comparing a timestamp received with the current timestamp of a clock from facility 42, or by storing a time-varying value sent to the client and comparing the stored time-varying value with the time-varying value returned by the client to see that they are in correspondence. Gate symbol 53 represents the permissive continuation of the processing upon the verification of the receipt of a proper time-varying value. Functional element 54 performs a decryption of the message 13 using a key 22 received from the client 20. Functional element 55 performs a public key operation on the certificate with the public key 44 of the trusted certification authority. Block 56 provides for the verification of the certificate with or without the CRL of clients in a manner well understood by those skilled in the art.
Initially, the client 20 may have to gain the trust of the server 40 before it will reveal its certificate 21. This protects against revealing the certificate to unauthorized third parties who could then use the certificate to impersonate client 20. Client 20 gains the trust of the server 40 through a public key protocol.
Considering the FIG. 5 illustration, so that client 20 may gain its trust, upon a request for access the server 40 reveals its certificate 41 by combining the certificate 41 with the signed time-varying value from facility 42 to form message 11 CERT-S{TS}PRIVSERV. Client 20 receives the message 11 sent over the communications channel 15, verifies the signature on the certificate with the trusted certification authority's public key 24 in public key operation 32 and verification process 33, and processes the certificate in operation 30 to read and store the public key of the server. Client 20 then uses the public key of the server in public key operation 31 to obtain the time-varying value. As indicated above, the public key of server 40 alternatively may be retrieved from public key storage unit 25 where used. Checking of the time-varying value to see that it is valid is done in comparison unit 34. A failure to verify the server's certificate or validate the received time-varying value terminates the transaction. Signature verification, particularly for RSA, is computationally inexpensive, so the computational burden on the client 20 is minimal. As an additional step in certificate verification, the client 20 may check the values of one or more fields of the certificate 41 to determine whether the server 40 is authorized for transactions with the client 20. It is presumed that the trusted certification authority of interest issues authorized certificates only to trusted servers, so the pair of signature verifications is sufficient for the client 20 to gain trust in the server 40.
Once client 20 verifies the time-varying value from 42 and the certificate 41 of server 40, trust of the server 40 is established. Thereafter, client 20 generates a random secret session key (KSS) at 22, combines this key with its time-varying value (TS) generated by a clock at 23, or where no clock is present replicates the time-varying value received from the server, to form a message and encrypts the message with the public key (PUBSERV) of server 40 obtained from storage at element 30 or 25 to form the encrypted message 12. Again, for RSA, encrypting with the server's public key is computationally inexpensive so this is not a burden on the client.
The encrypted message 12, {KSS|TS}PUBSERV, is sent to the server 40 where it is received and processed for recovery of the secret session key KSS by decrypting the message 12 with private key 43 in private key operation 51. A checking of the time-varying value TS demonstrates to the server 40 that a client is active in the transaction, not an impersonator replaying a recorded message.
Client 20 then encrypts its certificate 21 using the secret session key to produce encrypted message 13, {CERT-C}KSS, and sends it to server 40. Messages 12 and 13 may be combined as one message {KSS|TS}PUBSERV{CERT-C}KSS. Server 40 receives the encrypted message 13 and decrypts it in decryption operation 54 to gain the client's 20 certificate 21. Certificate 21 is processed in public key operation 55 with the trusted certification authority's public key stored at 44. After verification at 56, with or without the optional CRL in unit 45, the authenticity of client 20 is accepted by server 40 and the transaction can be undertaken.
When clocks are used for both timestamp facilities, the client and the server need to account for variations in their clocks when checking that the timestamp received is current. One procedure is to determine the difference between the two clock timestamps, for example, the client determines the difference between the received timestamp and its own clock generated timestamp, and compares that difference to a pre-set reference value to see that it is less than the reference value. Other techniques known to those skilled in the art may be used to account for the clock variations. See, for example, Weiss, U.S. Pat. No. 4,885,778, entitled “Method and Apparatus for Synchronizing Generation of Separate Free Running, Time Dependent Equipment,” which describes a technique for synchronizing client and server clocks in an authorization protocol.
In place of a timestamp a challenge may be used. A challenge may comprise any time-varying message that can be processed and verified.
The client may also store a CRL of servers. Either as a part of the authentication protocol or subsequent thereto, the server and the client may exchange lists of revoked certificates.
In the embodiment illustrated in FIG. 4A, message 11 consists of the public key certificate 41 of server 40. Here, client 20 does not have or need to have prior possession of the server's public key. Possession of the server's public key is acquired by the client receiving and reading the public key certificate 41. The signature on the certificate is verified with the Trusted Certification Authority's public key 24 and the certificate is verified by conventional verification procedures as discussed in the description of FIG. 5. This public key of the server is then used in public key operation 37. The time-varying value is generated locally at facility 23. As seen from FIG. 4A, client 20 comprises only the elements, e.g., 24, 32, 33 and 26 to verify the certificate and its signature and a functional element 30 to read the received certificate 41 and store the public key PUBSERV. The server's processing to form message 11 involves only the sending of its certificate 41. The remainder of the components, functional elements and operations of FIG. 4A correspond with those in FIG. 5.
In the embodiment of FIG. 4B, the message 11 consists of certificate 41 and a time-varying value TS. The time-varying value TS is needed where a client 20 does not have a facility for generating its own time-varying value. Thus, as shown, server 40 forms message 11 by concatenating at element 18 the certificate 41 with the time-varying value from facility 42. In FIG. 4B, client 20 verifies via 24, 32 and 33 the signature on the certificate, optionally via 26 the revocation status of the certificate and at functional element 39, reads and stores the server's public key and the time-varying value sent by the server. The time-varying value is processed and replicated or modified for use in forming message 12. This embodiment is advantageous since its implementation requires few structural components and computational operations. The client simply obtains the value TS and public key of the server needed for generating message 12 from the server. The server then processes the messages received as in the previously described embodiments. When a timestamp is not used by the server as the time-varying value, neither the server nor the client needs a clock. Public key storage element 25 is optional.
In FIG. 4C, message 11 consists of a time-varying value TS. As previously described, client 20 may have no clock or timestamp facility. It therefore has to receive a time-varying value at facility 23 or the like. Again, the received time-varying value may simply be replicated, or modified in a predetermined manner, and returned to server 40 in message 12. This assures the server that a current transaction is taking place. Again, neither party needs a clock. However, the client has to have a stored copy of the public key of server 40, i.e., an element 25 of memory 4 with a stored copy of the public keys of various servers with which it will interact. Server 40 only requires the message generating elements necessary to send a time-varying value. The remaining elements depicted in FIG. 4C are like those in FIG. 5 and operate in a similar manner.
The content of the messages generated and sent by a client to a server may be as shown in FIG. 6. Here the time-varying value is concatenated with the certificate of the client instead of with the secret session key. As shown, client 20 in public key operation 37 encrypts the secret session key with the server's public key, the server's public key being produced as in any of the previously described embodiments, concatenates at 36 the time-varying value, obtained as in any of the previously described embodiments, with the client's certificate (CERT-C), and encrypts at 38 the result using the secret session key. The processing in the server is modified to accommodate the change in the messages 12 and 13, causing the time-varying value verification to be subsequent to the decrypting at 54. The server decrypts message 12 using its private key to recover the session key and decrypts the time-varying value|certificate with the secret session key. The certificate is subjected to a public key operation and verifying procedure as in elements such as 55 and 56 as shown in the FIG. 5 embodiment. The variation shown in FIG. 6 may be practiced with any of the embodiments hereinbefore described.
In some instances a session key is not used, as for example where the subsequent communications of the overall transaction session are not encrypted. The client's certificate is simply concatenated with a time-varying value and the result is encrypted with the server's public key to form the message 12 which is sent directly to the server. FIG. 7 shows, in part, a protocol that does not use a session key. The client 20 concatenates at 36 a time-varying value produced as in any of the previously described embodiments, and encrypts at 37 the result with the server's public key obtained as in any of the previously described embodiments. Server 40 decrypts the message at 51 with its private key, verifies at 52 the time-varying value, and processes the client's certificate as hereinbefore described to authenticate it. A smart card using this protocol may only comprise a processor, a memory storing the certificate for the card and the public key of servers and a facility for providing a time-varying value. The smart card may then engage in a non-interactive protocol with a server for the purpose of establishing its authenticity to a server. In an interactive protocol, the server in a communication to the client provides a time-varying value and its public key certificate as in FIG. 4B, and the smart card processor processes the receipt of same to produce a time-varying value and the public key of the server. The other interactive embodiments of FIGS. 4A and 4C and FIG. 5 may also be modified to have no session key.
It is also possible to modify the aforementioned embodiments to encrypt only part of the certificate, which may lead to greater efficiency in the protocol. For instance, the client can encrypt only the signature on the certificate, transmitting the rest of the certificate unencrypted. Since a certificate is not valid without a signature, an opponent who obtains only the non-signature part of the certificate will not be able to impersonate the client.
As a generalization, the client can encrypt any data essential to the verification of the certificate. The signature is one example; another example is a part of the signature, large enough so that the opponent cannot guess it. A third example is a secret certificate serial number assigned by the certification authority. In general, the most efficient approach, in terms of communication requirements, is to encrypt something that is already required by the server, rather than something new. Since the signature is already required, it is a natural choice, though other parts of the certificate may be appropriate as well.
In some cases, it may be more efficient in terms of communication bandwidth to encrypt more than just the data required to verify the certificate. For instance, if the encryption is performed with the public key of the server, then the client can encrypt as much additional data as can be encrypted with a single public-key encryption operation. The approach of encrypting the entire certificate is an extreme example. As another variation, it is possible to encrypt part of the certificate with a public-key encryption, and part with a secret-key encryption.
FIG. 8 illustrates in part a variation of the embodiment of FIG. 5 wherein only a portion of the certificate 21 is encrypted and transmitted to the server 40 with the remainder of the certificate (REST-C) being transmitted in unencrypted form. Thus, the certificate 21 can be split at 81 so that any data in the certificate which is essential to the verification of the certificate is split and subsequently encrypted by secret session key (KSS) at 38. The remainder of the certificate (REST-C) is transmitted unencrypted to the server 40.
Upon receipt of the transmitted encrypted and nonencrypted portions of the certificate, the server 40 decrypts the former at 54 and joins the latter at element 82 so as to obtain the client's certificate 21. Thereafter, as illustrated in FIG. 5, the certificate is processed in public key operation 55 with subsequent verification at 56. As previously noted, the encrypted portion (X-C) of the client's certificate may be any portion which is sensitive or essential to the verification of the certificate such as the signature or a portion of the signature.
FIG. 9 is an illustration of a variation of the embodiment of FIG. 6 wherein only a portion (X-C) of the client's certificate 21 is encrypted with the remainder (REST-C) being transmitted in unencrypted form. In this regard the certificate 21 is again split at 81 to obtain an essential portion (X-C) of the certificate. Thereafter, as may be seen from FIGS. 9 and 6, the essential portion of the certificate is concatenated at 36, encrypted at 38 and transmitted to the server 40. Moreover, the unencrypted portion (REST-C) of the certificate 21 is transmitted to the server 40 for joining at 82 with the decrypted portion (X-C) for subsequent verification of the client's certificate 21.
FIG. 10 illustrates a variation of FIG. 7 wherein only an essential portion of the client's certificate 21 is encrypted with the remainder of the certificate being transmitted unencrypted. More specifically, the certificate 21 is split at 81 to form an essential portion (X-C) which is concatenated and encrypted at 36 and 37, respectively, for transmission to the server 40. Meanwhile, the rest of the certificate (REST-C) is transmitted to the server in unencrypted form for joining at 82 with the essential portion of the certificate as decrypted at 51 and 52 to thus provide the server with the client's certificate.
Another approach applies when the certificate contains a field that is computed as the one-way function, such as a cryptographic hash function, of a secret value. In this case, the secret value is encrypted and transmitted to the server, and the server computes and compares the one way function of the received secret value to the field in the certificate, after verifying the certificate. This has the advantage that the secret value can be concealed from the certification authority during the process of obtaining a certificate, so that the certification authority cannot later impersonate the client. The approach of encrypting a secret data value whose one-way function value is contained in the certificate has this property. A related approach is described in the Secure Electronic Transaction Specification (MasterCard and Visa, Jun. 24, 1996). In SET, the name field in a certificate is formed as a one-way hash of the account number and other information, and during a purchase protocol, the account number and the other information are encrypted and transmitted to a server, which compares their hash to the name field of the certificate. However, authentication in SET is also based on digital signatures, as in other conventional approaches. The account number itself is concealed for the protection of the account owner, not primarily for authentication, and it is not concealed from the certification authority.
Related to this, there could be a hash-tree of secret values whose root is included in the certificate, where a path through the tree is encrypted and transmitted to the server. The hash-tree variation provides greater protection against misuse by the server, since different paths could be associated with different servers. Here it is important to note that the path is encrypted. However, in a different approach based on a hash tree, the root is included in the certificate and a digital signature, which need not be encrypted, is formed with the tree. See, for example, Merkle, U.S. Pat. No. 4,309,569, entitled “Method of Providing Digital Signatures.” In this regard, the storage requirement for the latter approach is quite large and may be impractical in a smart card or similar processor.
Regarding hash trees, as may be seen in FIG. 11, a hash tree consists of a root and one or more children, where if there is more than one child, each child must be a hash tree, and if there is only one child, the child is a leaf. A leaf has no children. A hash tree thus consists of many leaves, connected to the root through intermediate nodes. Each leaf has a predetermined value. The value of a hash tree is the hash of the values of its children and the value of a hash tree is thus computed recursively.
A path through a hash tree consists of a leaf and the values of the siblings of its successive parents. A path is verified by recalculating the value of the root based on the values in the path. This can be done recursively, since the value of each child of the root is either in the path, or can be recalculated from the rest of the path. As may be seen in FIG. 11, the path from X3, namely X3, h(X4), h(h(X1), h(X2)), can be verified by recalculating the root given the values of siblings in the path.
Only one leaf is contained in a path, and provided that the hash function is one-way, the values of leaves not in a given path cannot be determined from the path. Thus, it is possible to reveal paths for each leaf in the tree such that a different path is used for each verifier, so as to prevent misuse. Only the root needs to be trusted initially by a verifier. It should be noted that the previously mentioned approach of storing the hash of a secret value in the certificate is really just a special case of a hash tree, where there is only one leaf.
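The hash-tree path check described above, together with its one-leaf special case (a certificate field holding the one-way function of a single secret value), as an added Python example that is not part of the patent. SHA-256, the leaf/node prefix bytes, the left/right side flags carried in the path and the leaf values are assumptions made for illustration; the patent fixes none of them.

```python
import hashlib
import hmac

DIGEST_LEN = 32
# Constructed sample leaves standing in for X1..X4 of FIG. 11; real leaves
# would be random secrets held only by the client.
CONSTRUCTED_LEAVES = [b"constructed-X1", b"constructed-X2",
                      b"constructed-X3", b"constructed-X4"]


def leaf_value(secret: bytes) -> bytes:
    """Value of a one-child tree: the hash of its leaf, h(X)."""
    # The 0x00/0x01 prefixes are an added assumption: they keep an interior
    # node value from being passed off as a leaf.
    return hashlib.sha256(b"\x00" + secret).digest()


def node_value(left: bytes, right: bytes) -> bytes:
    """Value of a tree with two children: the hash of the children's values."""
    return hashlib.sha256(b"\x01" + left + right).digest()


def build_levels(leaves):
    """Return every level of the tree, hashed leaves first, [root] last."""
    n = len(leaves)
    if n == 0 or n & (n - 1):
        raise ValueError("this sketch handles 1, 2, 4, 8, ... leaves only")
    levels = [[leaf_value(x) for x in leaves]]
    while len(levels[-1]) > 1:
        prev = levels[-1]
        levels.append([node_value(prev[i], prev[i + 1])
                       for i in range(0, len(prev), 2)])
    return levels


def make_path(leaves, index):
    """Client side: the leaf plus the sibling value at each level up to the root."""
    siblings, pos = [], index
    for level in build_levels(leaves)[:-1]:
        sib = pos ^ 1
        siblings.append(("L" if sib < pos else "R", level[sib]))
        pos //= 2
    return {"leaf": leaves[index], "siblings": siblings}


def verify_path(path, trusted_root: bytes) -> bool:
    """Verifier side: recompute the root from the path and compare it with
    the root field of the certificate, after the certificate itself has
    been verified."""
    value = leaf_value(path["leaf"])
    for side, sibling in path["siblings"]:
        if side not in ("L", "R") or len(sibling) != DIGEST_LEN:
            return False
        if side == "L":
            value = node_value(sibling, value)
        else:
            value = node_value(value, sibling)
    return hmac.compare_digest(value, trusted_root)


def demo():
    root = build_levels(CONSTRUCTED_LEAVES)[-1][0]
    path_x3 = make_path(CONSTRUCTED_LEAVES, 2)   # X3, h(X4), h(h(X1), h(X2))
    path_x1 = make_path(CONSTRUCTED_LEAVES, 0)   # a different path for another verifier
    # A verifier that received the X3 path holds h(X4) but not X4 itself.
    # Presenting h(X4) in the leaf slot does not reproduce the root.
    h_x4 = path_x3["siblings"][0][1]
    reused = {"leaf": h_x4,
              "siblings": [("L", leaf_value(CONSTRUCTED_LEAVES[2])),
                           path_x3["siblings"][1]]}
    # One-leaf special case: the certificate field is h(secret), path is empty.
    single = make_path([b"constructed-secret"], 0)
    return {
        "x3_ok": verify_path(path_x3, root),
        "x1_ok": verify_path(path_x1, root),
        "reused_ok": verify_path(reused, root),
        "single_leaf_ok": verify_path(single, leaf_value(b"constructed-secret")),
    }


if __name__ == "__main__":
    print(demo())
```

In the protocols above, the path would travel encrypted to the server and the root would be read from the signed certificate.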
In the above described protocols, the server 40 can easily recover the certificate sent by client 20 but no third party can because only client 20 and server 40 know the secret session key and/or only the server knows its private key. The server 40 is convinced that the client 20 is authentic and active in the transaction. Client 20 is assured that its certificate is seen only by server 40. While server 40 has enough information after a transaction to impersonate client 20, server 40 is of such integrity as to be trusted not to reveal the client's certificate to any third party or to impersonate client 20.
Trust of server 40 is a realistic consideration since servers are currently trusted to not reveal passwords or other data belonging to a client. In financial applications, the server (card reader) is trusted not to reveal account numbers or a personal identification number (PIN). Thus, it is reasonable to assume that the server or card reader will not reveal certificates.
In the case of RSA, the encryption and signature operations can follow the techniques described in PKCS #1: RSA ENCRYPTION STANDARD (RSA Laboratories, November 1993), in International Standard 9796: Information Technology, Security Techniques: Digital Signature Scheme Giving Message Recovery (ISO/IEC, 1991), in M. Bellare and P. Rogaway, “Optimal Asymmetric Encryption” in Advances in Cryptology-Eurocrypt '94, pp 92-111 (Springer-Verlag (New York 1995)) or in similar standards, as are well known to those familiar with RSA.
The client and server certificates may be signed by the same trusted certification authority or different trusted certification authorities. Each of the client and server, in either case, needs to have in its possession the public key of the trusted certification authority that signed the received certificate in order to verify it.
In the above noted embodiments where the server's public key is provided to the client, the same server public key was used for encryption and verification. However, the public key of the server 40 for encryption may be different than the public key for verifying signatures. In FIG. 5, for example, elements 31 and 37 could employ different public keys by storing two different public keys associated with the same server; one of which would be for verifying the server signatures at 31 and the other for encrypting data at 37 to be sent to the server. Alternatively, the certificate of the server could contain two separate keys along with identification as to their purposes. Moreover, in either alternative, element 43 of FIG. 5, for example, would provide appropriately different private keys to elements 17 and 51.
As an additional modification to the disclosed exemplary embodiments, the client's certificate (CERT-C) may be generated once by the certification authority and stored in the client's memory 21 or it may be a certificate generated by a certification authority whenever the client is authenticated to the certification authority, e.g. as part of a daily log-in procedure. Moreover, the authentication operation could be carried out by techniques described herein or by other authentication techniques. The new certificate could also contain the time at which authentication occurred and could expire later at some set time. Thus, the exposure time of the certificate would be limited if it is obtained by an opponent. The new certificate could also specify the types of operations for which the client is currently authenticated. Under such circumstances, the client would present the new certificate to the server to authenticate itself to the server, and the server would check that the certificate has not expired and that the client is authorized for a particular type of operation.
In financial applications, a certificate can be easily authenticated since it carries the digital signature of a certification authority. An account number cannot be easily authenticated because checking is done through accessing an on-line database. Therefore, in a financial application the certificate has clear benefits over an account number or an account number in combination with a PIN verification procedure.
In addition, if the account number contains check digits, they can usually be constructed by any third party with a public algorithm. Thus a third party can easily forge account numbers. For this reason, a database check is essential. Moreover, if the check digits are computed based on a secret key stored in the server, the same secret key must be stored in all servers. Therefore, an opponent who compromises one server can forge account numbers. This is another reason for the practice of having a central database perform the check. With certificates, the server stores only the trusted certification authority's public key, not the private key. Thus an opponent that compromises a server may obtain access to certificates known to that server, but does not gain the ability to form new ones.
As previously noted, the system as illustrated in FIG. 12 is more fundamental and has a more general protocol whereby a user is enabled to confidentially deliver a credential authorizing the user to perform an operation. In order to reflect the more fundamental system and protocol the terms “user”, “credential” and “verifier” are used rather than “client”, “certificate” and “server”, respectively, so as to indicate the more general nature of the FIG. 12 exemplary embodiment. In FIG. 12 the credential includes information essential to verify the credential which is transmitted to a verifier by way of an encrypted communications channel. In the illustrated system the user 60 may be an individual, a computer or some other entity. Moreover, the credential can be stored on a smart card or other device held by the user or may be held on the user's computer. Furthermore, the encrypted communications channel 65 can be between the user's smart card and the verifier or the user's computer and the verifier. Additionally, the verifier can be a client, a server or some other entity on a computer network having a secure channel connected to the user whereby at least data essential for verifying the user's credential is transmitted to the verifier.
Although the credential held by the user would include a digital signature by a credential issuing authority, it is only necessary for the system illustrated in FIG. 12 to transmit to the verifier, via the encrypted channel, some portion of the credential which would be necessary for verification of the credential. That is to say, although the entire credential could be provided to the verifier via the encrypted channel, encryption could be limited to only portions essential for verification such as the digital signature on the credential, encryption of a secret value whose one way function value is stored in the credential or encryption of a path through a hash tree whose root is stored in the credential. Thus, element 62 would select all of the data of credential 61 or at least an essential portion thereof for transmission via the encrypted communication channel 66 for verification at 71 as illustrated in FIG. 12. Other non-selected data would be transmitted through a non-encrypted channel and input to the verification step in a manner similar to that which is illustrated in FIGS. 8 through 10, for example.
Stated differently, with regard to the embodiment of FIG. 12, although it is possible for all data of the credential to be transmitted through an encrypted channel, the primary focus of FIG. 12 is that only data essential for verification need be transmitted through the encrypted channel. Additionally, it is important to note that the operation as illustrated in FIG. 12 does not depend on operations with keys belonging to the user such as a digital signature by the user. Such keys, however, can be included in the credential, but verification operations do not depend thereon.
The credential can be verified by verifying the digital signature with the public key of the credential issuing authority and/or by performing other operations previously disclosed such as comparing the computed one way function of a transmitted secret value to the computed one way function of the secret value included in the credential or by checking the path through a hash tree.
With regard to the encrypted communications channel, the channel may comprise encryption with a secret key which is shared by both the user and the verifier, by the user's computer and the verifier or by encryption with the verifier's public key in a manner similar to that illustrated in the embodiment of FIG. 7. Where a shared secret key is used, the secret key may be established by any of a number of techniques including the use of a third party key server, the user or the user's computer generating a random secret key and encrypting it with the verifier's public key and sending it to the verifier as in previously disclosed embodiments. Moreover, a time stamp or other non-repeating values may be included in the process of establishing the key as in previous embodiments or by encrypting the data necessary to verify the credential or both. Additionally, in the event that encryption on channel 66 uses the verifier's public key, as in previously disclosed embodiments, a certificate for the verifier's public key may be verified first by the user or its computer.
As in the previously disclosed embodiments, the verifier of FIG. 12 is trusted not to reveal or misuse the user's credential. Moreover, since the data necessary to verify the credential is encrypted, the user is protected from opponents who cannot compromise the verifier's security. Moreover, since the credential includes a digital signature, the system is protected from opponents who can compromise the verifier's security since they can only reuse existing credentials and cannot generate new ones. In this regard, as noted with the previously disclosed embodiments, the user's credential can be obtained as a one-time value resulting from a successful log-in operation or can be obtained at some other interval. That is to say, the credential may authorize the user to perform certain operations and can also have further restrictions, such as limited time periods or limitations as to a list of authorized verifiers or servers.
In any event, the system as illustrated in FIG. 12, for example, provides the fundamental features of allowing a user to confidentially deliver to a verifier information which is essential for verifying a credential assigned by a certification authority which authorizes the user to conduct some transaction wherein the credential may or may not involve the use of a one way function but always contains the digital signature of the credential issuer.
Moreover, although the system illustrated in FIG. 12 merely illustrates the functional elements and blocks of a more fundamental system involving confidential delivery to a verifier of information essential for verifying whether a user is authorized to perform an operation, various features of the previously disclosed embodiments may also be included in the FIG. 12 embodiment. For example, as previously noted, encryption on the encrypted communication channel 66 may be obtained with a shared secret key pre-installed with the user and verifier or established by encryption with the verifier's public key. Alternatively, other well known techniques for establishing a secret key by agreement can be used such as through the use of a Diffie-Hellman algorithm. Additionally, encryption as in the embodiments of FIGS. 4A through 7 may be obtained through the use of the verifier's public key or the use of a non-repeating value such as a time stamp. Moreover, as aforementioned, the entire credential may be encrypted or only essential data of the credential may be encrypted with the remainder of the credential being transmitted unencrypted in the manners illustrated in FIGS. 8 through 10, for example.
While the invention has been described in connection with what is presently considered to be the most practical and preferred embodiment, it is to be understood that the invention is not to be limited to the disclosed embodiment, but on the contrary, is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims.

Claims (17)

What is claimed is:
1. A method for authenticating a client by a server, comprising the steps of:
(a) receiving by the client from a credential issuer a digital credential;
(b) transmitting credential verification information from the client to the server over an encrypted communications channel; and
(c) authenticating the client based on the validity of the credential and in response to the credential verification information.
2. The method of claim 1 wherein step (b) comprises transmitting credential verification information from the client to the server over an encrypted communications channel, the client comprising a smart card.
3. The method of claim 1 wherein step (b) comprises transmitting credential verification information from the client to the server over an encrypted communications channel, the client comprising a desk-top computer.
4. The method of claim 1 wherein step (b) comprises transmitting credential verification information from the client to the server over an encrypted communications channel, the client comprising at least one client chosen from the set of a portable telephone, a notebook computer, a handheld computing device, and a home banking terminal.
5. The method of claim 1 wherein step (b) comprises transmitting credential verification information from the client to the server over an encrypted communications channel, the communications channel comprising a wireless communications channel.
6. The method of claim 1, further comprising the steps of:
providing, by a certificate issuer, a certificate comprising a public key of the server;
receiving, by the client, the certificate; and
verifying, by the client, the certificate comprising the public key of the server.
7. The method of claim 6 wherein the credential issuer and the certificate issuer are separate entities.
8. The method of claim 1, further comprising,
before step (a), the step of initiating, by the client, a login session with the credential issuer; and
wherein step (a) comprises receiving a credential that is valid for a relatively short validity period; and
wherein step (b) comprises transmitting credential verification information during the validity period.
9. An authentication system, comprising:
a credential issuer providing a digital credential;
a client receiving the credential from the credential issuer and transmitting credential verification information over an encrypted communications channel; and
a server receiving credential verification information over the encrypted communications channel and authenticating the client based on the validity of the credential and in response to the credential verification information.
10. The system of claim 9 wherein the client comprises a smart card.
11. The system of claim 9 wherein the client comprises a desktop computer.
12. The system of claim 9 wherein the client comprises at least one client selected from the set of a portable telephone, a notebook computer, a handheld computer, and a home banking terminal.
13. The system of claim 9 wherein the client receives and transmits over a wireless communications channel.
14. The system of claim 9 further comprising:
a certificate issuer providing a certificate comprising a server's public key; and wherein
the client receives and verifies the certificate comprising the server's public key.
15. The system of claim 9 wherein the credential issuer and certificate issuer are different entities.
16. The system of claim 9 wherein:
the client receives the credential in response to a login session initiated by the client;
the credential is valid for a relatively short validity period; and
the credential verification information is transmitted during the validity period.
17. A computer readable medium comprising instructions for execution on a processor, the instructions when executed direct the processor to receive credential verification information from a client over an encrypted communications channel, the client having received a digital credential from a credential issuer, and direct the processor to authenticate the client based on the validity of the digital credential and in response to the credential verification information.
US09/527,020 1996-05-15 2000-03-16 Client/server protocol for proving authenticity Expired - Lifetime US6189098B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US09/527,020 US6189098B1 (en) 1996-05-15 2000-03-16 Client/server protocol for proving authenticity

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US64844296A 1996-05-15 1996-05-15
US08/845,196 US6085320A (en) 1996-05-15 1997-04-21 Client/server protocol for proving authenticity
US09/527,020 US6189098B1 (en) 1996-05-15 2000-03-16 Client/server protocol for proving authenticity

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US08/845,196 Continuation US6085320A (en) 1996-05-15 1997-04-21 Client/server protocol for proving authenticity

Publications (1)

Publication Number Publication Date
US6189098B1 (en) 2001-02-13

Family

ID=27095377

Family Applications (2)

Application Number Title Priority Date Filing Date
US08/845,196 Expired - Lifetime US6085320A (en) 1996-05-15 1997-04-21 Client/server protocol for proving authenticity
US09/527,020 Expired - Lifetime US6189098B1 (en) 1996-05-15 2000-03-16 Client/server protocol for proving authenticity

Family Applications Before (1)

Application Number Title Priority Date Filing Date
US08/845,196 Expired - Lifetime US6085320A (en) 1996-05-15 1997-04-21 Client/server protocol for proving authenticity

Country Status (3)

Country Link
US (2) US6085320A (en)
EP (1) EP0807911A3 (en)
JP (1) JPH113033A (en)

US20060015743A1 (en) * 2004-07-15 2006-01-19 Anakam L.L.C. System and method for blocking unauthorized network log in using stolen password
US7003674B1 (en) 2000-07-31 2006-02-21 Western Digital Ventures, Inc. Disk drive employing a disk with a pristine area for storing encrypted data accessible only by trusted devices or clients to facilitate secure network communications
US20060048210A1 (en) * 2004-09-01 2006-03-02 Hildre Eric A System and method for policy enforcement in structured electronic messages
US20060059546A1 (en) * 2004-09-01 2006-03-16 David Nester Single sign-on identity and access management and user authentication method and apparatus
US20060059548A1 (en) * 2004-09-01 2006-03-16 Hildre Eric A System and method for policy enforcement and token state monitoring
US20060069921A1 (en) * 2004-07-15 2006-03-30 Allan Camaisa System and method for blocking unauthorized network log in using stolen password
FR2875977A1 (en) * 2004-09-29 2006-03-31 France Telecom CRYPTOGRAPHIC SYSTEM AND METHOD WITH A PUBLIC KEY AND CERTIFICATION SERVER, MEMORIES ADAPTED FOR THIS SYSTEM
US20060075230A1 (en) * 2004-10-05 2006-04-06 Baird Leemon C Iii Apparatus and method for authenticating access to a network resource using multiple shared devices
US20060095388A1 (en) * 2004-10-29 2006-05-04 Research In Motion Limited System and method for verifying digital signatures on certificates
US20060136317A1 (en) * 2000-11-03 2006-06-22 Authernative, Inc. Method of one time authentication response to a session-specific challenge indicating a random subset of password or PIN character positions
US7069439B1 (en) 1999-03-05 2006-06-27 Hewlett-Packard Development Company, L.P. Computing apparatus and methods using secure authentication arrangements
US20060155991A1 (en) * 2005-01-07 2006-07-13 Kim Kun S Authentication method, encryption method, decryption method, cryptographic system and recording medium
US20060173794A1 (en) * 2002-02-27 2006-08-03 Imagineer Software, Inc. Secure electronic commerce using mutating identifiers
US7099848B1 (en) * 1999-02-16 2006-08-29 Listen.Com, Inc. Audio delivery and rendering method and apparatus
US20060195402A1 (en) * 2002-02-27 2006-08-31 Imagineer Software, Inc. Secure data transmission using undiscoverable or black data
US20060212585A1 (en) * 2002-02-08 2006-09-21 Eaton Eric T System for providing continuity between session clients and method therefor
US7137012B1 (en) * 1999-06-16 2006-11-14 Kabushiki Kaisha Toshiba Storage medium and contents protection method using the storage medium
US7137006B1 (en) 1999-09-24 2006-11-14 Citicorp Development Center, Inc. Method and system for single sign-on user access to multiple web servers
US7143285B2 (en) 2001-05-22 2006-11-28 International Business Machines Corporation Password exposure elimination for digital signature coupling with a host identity
US7155616B1 (en) 2000-07-31 2006-12-26 Western Digital Ventures, Inc. Computer network comprising network authentication facilities implemented in a disk drive
WO2007001287A1 (en) * 2005-06-23 2007-01-04 Thomson Licensing Multi-media access device registration system and method
WO2007002816A2 (en) * 2005-06-29 2007-01-04 Microsoft Corporation Establishing secure mutual trust using an insecure password
US20070021125A1 (en) * 2005-07-19 2007-01-25 Yinjun Zhu Location service requests throttling
US7174569B1 (en) * 1999-08-13 2007-02-06 Cisco Technology, Inc. Client security for networked applications
US20070049288A1 (en) * 2005-08-24 2007-03-01 Lamprecht Leslie J Creating optimum temporal location trigger for multiple requests
US20070061878A1 (en) * 2005-09-12 2007-03-15 Microsoft Corporation Creating secure interactive connections with remote resources
US20070071238A1 (en) * 2005-09-29 2007-03-29 Research In Motion Limited System and method for providing an indication of randomness quality of random number data generated by a random data service
US20070075849A1 (en) * 2005-10-05 2007-04-05 Pitt Lance D Cellular augmented vehicle alarm notification together with location services for position of an alarming vehicle
US20070075848A1 (en) * 2005-10-05 2007-04-05 Pitt Lance D Cellular augmented vehicle alarm
US20070092070A1 (en) * 2005-10-06 2007-04-26 Jon Croy Voice over Internet protocol (VoIP) location based 911 conferencing
US7215771B1 (en) 2000-06-30 2007-05-08 Western Digital Ventures, Inc. Secure disk drive comprising a secure drive key and a drive ID for implementing secure communication over a public network
US20070124810A1 (en) * 2005-11-29 2007-05-31 Sigalow Ian D Method and system for securing electronic transactions
US20070180262A1 (en) * 2006-01-20 2007-08-02 Glenbrook Associates, Inc. System and method for the automated processing of physical objects
US20070190968A1 (en) * 2006-02-16 2007-08-16 Richard Dickinson Enhanced E911 network access for call centers
WO2006071501A3 (en) * 2004-12-28 2007-08-23 Motorola Inc Authentication for ad hoc network setup
US20070201623A1 (en) * 2006-02-24 2007-08-30 John Gordon Hines Automatic location identification (ALI) emergency services pseudo key (ESPK)
US20070202851A1 (en) * 2002-03-28 2007-08-30 Hines Gordon J Area watcher for wireless network
US7266685B1 (en) * 2003-06-24 2007-09-04 Arraycomm, Llc Time certification in a wireless communications network
US20070207797A1 (en) * 2006-03-01 2007-09-06 Pitt Lance D Cellular augmented radar/laser detection using local mobile network within cellular network
US20070238455A1 (en) * 2006-04-07 2007-10-11 Yinjun Zhu Mobile based area event handling when currently visited network does not cover area
US20070256123A1 (en) * 2005-12-01 2007-11-01 Rsa Security, Inc. Detecting and preventing replay in authentication systems
US20070266257A1 (en) * 2004-07-15 2007-11-15 Allan Camaisa System and method for blocking unauthorized network log in using stolen password
FR2901084A1 (en) * 2006-05-15 2007-11-16 Ibrahim Hajjeh User's identity protecting method for e.g. mobile telephone, involves ensuring protection of identity of client device user, and deriving encryption key from less weightage bits of key generated from premaster secret and random values
US20080014867A1 (en) * 2004-11-16 2008-01-17 Advanced Microelectronic And Automation Technology Ltd. Portable Identity Card Reader System For Physical and Logical Access
US20080022089A1 (en) * 2006-06-26 2008-01-24 Leedom Charles M Security system for handheld wireless devices using-time variable encryption keys
US20080028447A1 (en) * 2006-02-10 2008-01-31 Rsa Security Inc. Method and system for providing a one time password to work in conjunction with a browser
US20080029607A1 (en) * 2005-05-09 2008-02-07 Mullen Jeffrey D Dynamic credit card with magnetic stripe and embedded encoder and methods for using the same to provide a copy-proof credit card
US20080036655A1 (en) * 2004-10-15 2008-02-14 Lance Douglas Pitt Culled satellite ephemeris information based on limiting a span of an inverted cone for locating satellite in-range determinations
US20080035738A1 (en) * 2005-05-09 2008-02-14 Mullen Jeffrey D Dynamic credit card with magnetic stripe and embedded encoder and methods for using the same to provide a copy-proof credit card
US20080072045A1 (en) * 2006-08-23 2008-03-20 Authernative, Inc. Authentication method of random partial digitized path recognition with a challenge built into the path
US20080090546A1 (en) * 2006-10-17 2008-04-17 Richard Dickinson Enhanced E911 network access for a call center using session initiation protocol (SIP) messaging
US7370350B1 (en) * 2002-06-27 2008-05-06 Cisco Technology, Inc. Method and apparatus for re-authenticating computing devices
US20080126535A1 (en) * 2006-11-28 2008-05-29 Yinjun Zhu User plane location services over session initiation protocol (SIP)
US7386727B1 (en) 1998-10-24 2008-06-10 Encorus Holdings Limited Method for digital signing of a message
US20080154966A1 (en) * 2006-05-04 2008-06-26 Gerhard Geldenbott Extended efficient usage of emergency services keys
US20080167018A1 (en) * 2007-01-10 2008-07-10 Arlene Havlark Wireless telecommunications location based services scheme selection
EP1944714A1 (en) * 2007-01-10 2008-07-16 Jaycrypto Limited Method and systems for providing the authenticity of a client to a server
AU2005225093B2 (en) * 2004-10-29 2008-09-25 Blackberry Limited System and method for verifying digital signatures on certificates
US7430606B1 (en) 2003-10-17 2008-09-30 Arraycomm, Llc Reducing certificate revocation lists at access points in a wireless access network
US20080242260A1 (en) * 2002-03-28 2008-10-02 Arlene Havlark Wireless telecommunications location based services scheme selection
US20080242296A1 (en) * 2006-11-03 2008-10-02 D Souza Myron Roaming gateway enabling location based services (LBS) roaming for user plane in CDMA networks without requiring use of a mobile positioning center (MPC)
US20080250477A1 (en) * 2004-07-15 2008-10-09 Anakam Inc. System and method for second factor authentication services
US20080261619A1 (en) * 2006-09-26 2008-10-23 John Gordon Hines Injection of location object into routing SIP message
US20080307488A1 (en) * 2002-10-16 2008-12-11 Innerwall, Inc. Systems And Methods For Enterprise Security With Collaborative Peer To Peer Architecture
US7471236B1 (en) 2006-03-01 2008-12-30 Telecommunication Systems, Inc. Cellular augmented radar/laser detector
US20090004999A1 (en) * 2003-12-19 2009-01-01 Yinjun Zhu Solutions for voice over internet protocol (VoIP) 911 location services
US20090015469A1 (en) * 2004-10-15 2009-01-15 Lance Douglas Pitt Culled satellite ephemeris information for quick, accurate assisted locating satellite location determination for cell site antennas
US7484089B1 (en) * 2002-09-06 2009-01-27 Citicorp Development Center, Inc. Method and system for certificate delivery and management
US20090034730A1 (en) * 1997-10-28 2009-02-05 Encorus Holdings Limited Process for digital signing of a message
US20090159698A1 (en) * 2007-12-24 2009-06-25 Dynamics Inc. Payment cards and devices with gift card, global integration, and magnetic stripe reader communication functionality
US20090227225A1 (en) * 2007-09-17 2009-09-10 Mitchell Jr Donald L Emergency 911 data messaging
US7597250B2 (en) 2003-11-17 2009-10-06 Dpd Patent Trust Ltd. RFID reader with multiple interfaces
US20090259848A1 (en) * 2004-07-15 2009-10-15 Williams Jeffrey B Out of band system and method for authentication
US7640186B1 (en) * 1999-11-16 2009-12-29 Cfph, Llc Systems and methods for reselling electronic merchandise
US20100045520A1 (en) * 2004-10-15 2010-02-25 Lance Douglas Pitt Culled satellite ephemeris information for quick, accurate assisted locating satellite location determination for cell site antennas
EP2159762A1 (en) 2008-08-27 2010-03-03 Deutsche Telekom AG Chip card based authentication method
US20100088195A1 (en) * 2008-10-08 2010-04-08 International Business Machines Corporation Method of requesting a customized instance of an object using information contained within an existing instance
US20100093371A1 (en) * 2008-10-14 2010-04-15 Todd Gehrke Location based geo-reminders
US20100100967A1 (en) * 2004-07-15 2010-04-22 Douglas James E Secure collaborative environment
US7762470B2 (en) 2003-11-17 2010-07-27 Dpd Patent Trust Ltd. RFID token with multiple interface controller
US20100284366A1 (en) * 2009-05-05 2010-11-11 Yinjun Zhu Multiple location retrieval function (LRF) network having location continuity
US20100306525A1 (en) * 2009-05-28 2010-12-02 Microsoft Corporation Efficient distribution of computation in key agreement
US20100332848A1 (en) * 2005-09-29 2010-12-30 Research In Motion Limited System and method for code signing
US20110009086A1 (en) * 2009-07-10 2011-01-13 Todd Poremba Text to 9-1-1 emergency communication
US20110064046A1 (en) * 2009-09-11 2011-03-17 Yinjun Zhu User plane emergency location continuity for voice over internet protocol (VoIP)/IMS emergency services
US7929530B2 (en) 2007-11-30 2011-04-19 Telecommunication Systems, Inc. Ancillary data support in session initiation protocol (SIP) messaging
US20110149953A1 (en) * 2009-12-23 2011-06-23 William Helgeson Tracking results of a v2 query in voice over internet (VoIP) emergency call systems
US7973607B1 (en) 2007-04-23 2011-07-05 Emc Corporation RTC circuit with time value adjustment
USD643063S1 (en) 2010-07-09 2011-08-09 Dynamics Inc. Interactive electronic card with display
US20110211494A1 (en) * 2002-03-28 2011-09-01 Rhodes Jeffrey C Public safety access point (PSAP) selection for E911 wireless callers in a GSM type system
US8032112B2 (en) 2002-03-28 2011-10-04 Telecommunication Systems, Inc. Location derived presence information
US8066191B1 (en) 2009-04-06 2011-11-29 Dynamics Inc. Cards and assemblies with user interfaces
US8068587B2 (en) 2008-08-22 2011-11-29 Telecommunication Systems, Inc. Nationwide table routing of voice over internet protocol (VOIP) emergency calls
USD651238S1 (en) 2010-07-09 2011-12-27 Dynamics Inc. Interactive electronic card with display
USD651237S1 (en) 2010-07-09 2011-12-27 Dynamics Inc. Interactive electronic card with display
USD651644S1 (en) 2010-07-09 2012-01-03 Dynamics Inc. Interactive electronic card with display
USD652076S1 (en) 2010-07-09 2012-01-10 Dynamics Inc. Multiple button interactive electronic card with display
USD652075S1 (en) 2010-07-02 2012-01-10 Dynamics Inc. Multiple button interactive electronic card
USD652449S1 (en) 2010-07-02 2012-01-17 Dynamics Inc. Multiple button interactive electronic card
USD652450S1 (en) 2010-07-09 2012-01-17 Dynamics Inc. Multiple button interactive electronic card
USD652448S1 (en) 2010-07-02 2012-01-17 Dynamics Inc. Multiple button interactive electronic card
USD652867S1 (en) 2010-07-02 2012-01-24 Dynamics Inc. Multiple button interactive electronic card
USD653288S1 (en) 2010-07-09 2012-01-31 Dynamics Inc. Multiple button interactive electronic card
EP2416524A2 (en) 2010-07-09 2012-02-08 Tata Consultancy Services Limited System and method for secure transaction of data between wireless communication device and server
US8146141B1 (en) 2003-12-16 2012-03-27 Citibank Development Center, Inc. Method and system for secure authentication of a user by a host system
US8165965B2 (en) 1997-06-27 2012-04-24 Swisscom Ag Transaction method with a mobile apparatus
US20120179903A1 (en) * 2011-01-06 2012-07-12 International Business Machines Corporation Compact attribute for cryptographically protected messages
US8226001B1 (en) 2010-06-23 2012-07-24 Fiteq, Inc. Method for broadcasting a magnetic stripe data packet from an electronic smart card
US8231063B2 (en) 2005-03-26 2012-07-31 Privasys Inc. Electronic card and methods for making same
USD665022S1 (en) 2010-07-09 2012-08-07 Dynamics Inc. Multiple button interactive electronic card with light source
USD665447S1 (en) 2010-07-09 2012-08-14 Dynamics Inc. Multiple button interactive electronic card with light source and display
USD666241S1 (en) 2010-07-09 2012-08-28 Dynamics Inc. Multiple button interactive electronic card with light source
US20120265690A1 (en) * 1999-08-31 2012-10-18 American Express Travel Related Services Company, Inc. Methods and apparatus for conducting electronic transactions
USD670332S1 (en) 2011-05-12 2012-11-06 Dynamics Inc. Interactive card
USD670330S1 (en) 2011-05-12 2012-11-06 Dynamics Inc. Interactive card
USD670331S1 (en) 2011-05-12 2012-11-06 Dynamics Inc. Interactive display card
USD670329S1 (en) 2011-05-12 2012-11-06 Dynamics Inc. Interactive display card
USD670759S1 (en) 2010-07-02 2012-11-13 Dynamics Inc. Multiple button interactive electronic card with light sources
US8315599B2 (en) 2010-07-09 2012-11-20 Telecommunication Systems, Inc. Location privacy selector
US8317103B1 (en) 2010-06-23 2012-11-27 FiTeq Method for broadcasting a magnetic stripe data packet from an electronic smart card
US8322623B1 (en) 2010-07-26 2012-12-04 Dynamics Inc. Systems and methods for advanced card printing
USD672389S1 (en) 2010-07-02 2012-12-11 Dynamics Inc. Multiple button interactive electronic card with light sources
US8336664B2 (en) 2010-07-09 2012-12-25 Telecommunication Systems, Inc. Telematics basic mobile device safety interlock
USD673606S1 (en) 2012-08-27 2013-01-01 Dynamics Inc. Interactive electronic card with display and buttons
US8348172B1 (en) 2010-03-02 2013-01-08 Dynamics Inc. Systems and methods for detection mechanisms for magnetic cards and devices
USD674013S1 (en) 2010-07-02 2013-01-08 Dynamics Inc. Multiple button interactive electronic card with light sources
USD675256S1 (en) 2012-08-27 2013-01-29 Dynamics Inc. Interactive electronic card with display and button
US8369967B2 (en) 1999-02-01 2013-02-05 Hoffberg Steven M Alarm system controller and a method for controlling an alarm system
USD676487S1 (en) 2012-08-27 2013-02-19 Dynamics Inc. Interactive electronic card with display and buttons
USD676904S1 (en) 2011-05-12 2013-02-26 Dynamics Inc. Interactive display card
US8385964B2 (en) 2005-04-04 2013-02-26 Xone, Inc. Methods and apparatuses for geospatial-based sharing of information by multiple devices
US8393545B1 (en) 2009-06-23 2013-03-12 Dynamics Inc. Cards deployed with inactivated products for activation
US8393546B1 (en) 2009-10-25 2013-03-12 Dynamics Inc. Games, prizes, and entertainment for powered cards and devices
US8467320B2 (en) 2005-10-06 2013-06-18 Telecommunication Systems, Inc. Voice over internet protocol (VoIP) multi-user conferencing
US8485446B1 (en) 2011-03-28 2013-07-16 Dynamics Inc. Shielded magnetic stripe for magnetic cards and devices
USD687095S1 (en) 2012-08-27 2013-07-30 Dynamics Inc. Interactive electronic card with buttons
USD687094S1 (en) 2010-07-02 2013-07-30 Dynamics Inc. Multiple button interactive electronic card with light sources
USD687489S1 (en) 2012-08-27 2013-08-06 Dynamics Inc. Interactive electronic card with buttons
USD687487S1 (en) 2012-08-27 2013-08-06 Dynamics Inc. Interactive electronic card with display and button
USD687488S1 (en) 2012-08-27 2013-08-06 Dynamics Inc. Interactive electronic card with buttons
USD687490S1 (en) 2012-08-27 2013-08-06 Dynamics Inc. Interactive electronic card with display and button
USD687887S1 (en) 2012-08-27 2013-08-13 Dynamics Inc. Interactive electronic card with buttons
US8511574B1 (en) 2009-08-17 2013-08-20 Dynamics Inc. Advanced loyalty applications for powered cards and devices
USD688744S1 (en) 2012-08-27 2013-08-27 Dynamics Inc. Interactive electronic card with display and button
US8523059B1 (en) 2009-10-20 2013-09-03 Dynamics Inc. Advanced payment options for powered cards and devices
US8525681B2 (en) 2008-10-14 2013-09-03 Telecommunication Systems, Inc. Location based proximity alert
US8540165B2 (en) 2005-03-26 2013-09-24 Privasys, Inc. Laminated electronic card assembly
USD692053S1 (en) 2012-08-27 2013-10-22 Dynamics Inc. Interactive electronic card with display and button
US8561894B1 (en) 2010-10-20 2013-10-22 Dynamics Inc. Powered cards and devices designed, programmed, and deployed from a kiosk
US8567679B1 (en) 2011-01-23 2013-10-29 Dynamics Inc. Cards and devices with embedded holograms
US8579203B1 (en) 2008-12-19 2013-11-12 Dynamics Inc. Electronic magnetic recorded media emulators in magnetic card devices
USD694322S1 (en) 2012-08-27 2013-11-26 Dynamics Inc. Interactive electronic card with display buttons
US8602312B2 (en) 2010-02-16 2013-12-10 Dynamics Inc. Systems and methods for drive circuits for dynamic magnetic stripe communications devices
USD695636S1 (en) 2012-08-27 2013-12-17 Dynamics Inc. Interactive electronic card with display and buttons
US8622309B1 (en) 2009-04-06 2014-01-07 Dynamics Inc. Payment cards and devices with budgets, parental controls, and virtual accounts
US8628022B1 (en) 2011-05-23 2014-01-14 Dynamics Inc. Systems and methods for sensor mechanisms for magnetic cards and devices
US8666397B2 (en) 2002-12-13 2014-03-04 Telecommunication Systems, Inc. Area event handling when current network does not cover target area
US8682321B2 (en) 2011-02-25 2014-03-25 Telecommunication Systems, Inc. Mobile internet protocol (IP) location
US8688174B2 (en) 2012-03-13 2014-04-01 Telecommunication Systems, Inc. Integrated, detachable ear bud device for a wireless phone
US8684267B2 (en) 2005-03-26 2014-04-01 Privasys Method for broadcasting a magnetic stripe data packet from an electronic smart card
US8688087B2 (en) 2010-12-17 2014-04-01 Telecommunication Systems, Inc. N-dimensional affinity confluencer
US8727219B1 (en) 2009-10-12 2014-05-20 Dynamics Inc. Magnetic stripe track signal having multiple communications channels
US8831556B2 (en) 2011-09-30 2014-09-09 Telecommunication Systems, Inc. Unique global identifier header for minimizing prank emergency 911 calls
US8827153B1 (en) 2011-07-18 2014-09-09 Dynamics Inc. Systems and methods for waveform generation for dynamic magnetic stripe communications devices
US8868919B2 (en) 2012-10-23 2014-10-21 Authernative, Inc. Authentication method of field contents based challenge and enumerated pattern of field positions based response in random partial digitized path recognition system
US8892495B2 (en) 1991-12-23 2014-11-18 Blanding Hovenweep, Llc Adaptive pattern recognition based controller apparatus and method and human-interface therefore
US8888009B1 (en) 2012-02-14 2014-11-18 Dynamics Inc. Systems and methods for extended stripe mechanisms for magnetic cards and devices
US8931703B1 (en) 2009-03-16 2015-01-13 Dynamics Inc. Payment cards and devices for displaying barcodes
US8942743B2 (en) 2010-12-17 2015-01-27 Telecommunication Systems, Inc. iALERT enhanced alert manager
US8955074B2 (en) 2012-10-23 2015-02-10 Authernative, Inc. Authentication method of enumerated pattern of field positions based challenge and enumerated pattern of field positions based response through interaction between two credentials in random partial digitized path recognition system
US8960545B1 (en) 2011-11-21 2015-02-24 Dynamics Inc. Data modification for magnetic cards and devices
US8983047B2 (en) 2013-03-20 2015-03-17 Telecommunication Systems, Inc. Index of suspicion determination for communications request
US8984591B2 (en) 2011-12-16 2015-03-17 Telecommunications Systems, Inc. Authentication via motion of wireless device movement
US9010644B1 (en) 2012-11-30 2015-04-21 Dynamics Inc. Dynamic magnetic stripe communications device with stepped magnetic material for magnetic cards and devices
US9010647B2 (en) 2012-10-29 2015-04-21 Dynamics Inc. Multiple sensor detector systems and detection methods of magnetic cards and devices
US9033218B1 (en) 2012-05-15 2015-05-19 Dynamics Inc. Cards, devices, systems, methods and dynamic security codes
USD729871S1 (en) 2012-08-27 2015-05-19 Dynamics Inc. Interactive electronic card with display and buttons
USD729869S1 (en) 2012-08-27 2015-05-19 Dynamics Inc. Interactive electronic card with display and button
USD729870S1 (en) 2012-08-27 2015-05-19 Dynamics Inc. Interactive electronic card with display and button
USD730438S1 (en) 2012-08-27 2015-05-26 Dynamics Inc. Interactive electronic card with display and button
USD730439S1 (en) 2012-08-27 2015-05-26 Dynamics Inc. Interactive electronic card with buttons
US9053398B1 (en) 2010-08-12 2015-06-09 Dynamics Inc. Passive detection mechanisms for magnetic cards and devices
US9064195B2 (en) 2012-06-29 2015-06-23 Dynamics Inc. Multiple layer card circuit boards
USD737373S1 (en) 2013-09-10 2015-08-25 Dynamics Inc. Interactive electronic card with contact connector
US9130963B2 (en) 2011-04-06 2015-09-08 Telecommunication Systems, Inc. Ancillary data support in session initiation protocol (SIP) messaging
US20150295720A1 (en) * 2014-04-11 2015-10-15 Guardtime IP Holdings, Ltd. System and Method for Sequential Data Signatures
US9167553B2 (en) 2006-03-01 2015-10-20 Telecommunication Systems, Inc. GeoNexus proximity detector network
US9198054B2 (en) 2011-09-02 2015-11-24 Telecommunication Systems, Inc. Aggregate location dynometer (ALD)
US9208346B2 (en) 2012-09-05 2015-12-08 Telecommunication Systems, Inc. Persona-notitia intellection codifier
US9215072B1 (en) 2012-10-23 2015-12-15 Authernative, Inc. Back-end matching method supporting front-end knowledge-based probabilistic authentication systems for enhanced credential security
US9220958B2 (en) 2002-03-28 2015-12-29 Telecommunications Systems, Inc. Consequential location derived information
US9232062B2 (en) 2007-02-12 2016-01-05 Telecommunication Systems, Inc. Mobile automatic location identification (ALI) for first responders
US9264537B2 (en) 2011-12-05 2016-02-16 Telecommunication Systems, Inc. Special emergency call treatment based on the caller
USD750167S1 (en) 2013-03-04 2016-02-23 Dynamics Inc. Interactive electronic card with buttons
USD750168S1 (en) 2013-03-04 2016-02-23 Dynamics Inc. Interactive electronic card with display and button
USD750166S1 (en) 2013-03-04 2016-02-23 Dynamics Inc. Interactive electronic card with display and buttons
US9282451B2 (en) 2005-09-26 2016-03-08 Telecommunication Systems, Inc. Automatic location identification (ALI) service requests steering, connection sharing and protocol translation
USD751639S1 (en) 2013-03-04 2016-03-15 Dynamics Inc. Interactive electronic card with display and button
USD751640S1 (en) 2013-03-04 2016-03-15 Dynamics Inc. Interactive electronic card with display and button
US9301191B2 (en) 2013-09-20 2016-03-29 Telecommunication Systems, Inc. Quality of service to over the top applications used with VPN
US9307372B2 (en) 2012-03-26 2016-04-05 Telecommunication Systems, Inc. No responders online
US9306666B1 (en) 2009-10-08 2016-04-05 Dynamics Inc. Programming protocols for powered cards and devices
US9313637B2 (en) 2011-12-05 2016-04-12 Telecommunication Systems, Inc. Wireless emergency caller profile data delivery over a legacy interface
US9313638B2 (en) 2012-08-15 2016-04-12 Telecommunication Systems, Inc. Device independent caller data access for emergency calls
US9329619B1 (en) 2009-04-06 2016-05-03 Dynamics Inc. Cards with power management
US9338153B2 (en) 2012-04-11 2016-05-10 Telecommunication Systems, Inc. Secure distribution of non-privileged authentication credentials
US9384339B2 (en) 2012-01-13 2016-07-05 Telecommunication Systems, Inc. Authenticating cloud computing enabling secure services
US9408034B2 (en) 2013-09-09 2016-08-02 Telecommunication Systems, Inc. Extended area event for network based proximity discovery
USD764584S1 (en) 2013-03-04 2016-08-23 Dynamics Inc. Interactive electronic card with buttons
USD765174S1 (en) 2013-03-04 2016-08-30 Dynamics Inc. Interactive electronic card with button
USD765173S1 (en) 2013-03-04 2016-08-30 Dynamics Inc. Interactive electronic card with display and button
USD767024S1 (en) 2013-09-10 2016-09-20 Dynamics Inc. Interactive electronic card with contact connector
US9456301B2 (en) 2012-12-11 2016-09-27 Telecommunication Systems, Inc. Efficient prisoner tracking
US9479344B2 (en) 2011-09-16 2016-10-25 Telecommunication Systems, Inc. Anonymous voice conversation
US9479897B2 (en) 2013-10-03 2016-10-25 Telecommunication Systems, Inc. SUPL-WiFi access point controller location based services for WiFi enabled mobile devices
US9516104B2 (en) 2013-09-11 2016-12-06 Telecommunication Systems, Inc. Intelligent load balancer enhanced routing
US9544260B2 (en) 2012-03-26 2017-01-10 Telecommunication Systems, Inc. Rapid assignment dynamic ownership queue
USD777252S1 (en) 2013-03-04 2017-01-24 Dynamics Inc. Interactive electronic card with buttons
US9619741B1 (en) 2011-11-21 2017-04-11 Dynamics Inc. Systems and methods for synchronization mechanisms for magnetic cards and devices
US9646240B1 (en) 2010-11-05 2017-05-09 Dynamics Inc. Locking features for powered cards and devices
US9659246B1 (en) 2012-11-05 2017-05-23 Dynamics Inc. Dynamic magnetic stripe communications device with beveled magnetic material for magnetic cards and devices
US9692770B2 (en) 2014-05-27 2017-06-27 Panasonic Intellectual Property Management Co., Ltd. Signature verification using unidirectional function
USD792512S1 (en) 2010-07-09 2017-07-18 Dynamics Inc. Display with font
USD792513S1 (en) 2010-07-09 2017-07-18 Dynamics Inc. Display with font
US9710745B1 (en) 2012-02-09 2017-07-18 Dynamics Inc. Systems and methods for automated assembly of dynamic magnetic stripe communications devices
USD792511S1 (en) 2010-07-09 2017-07-18 Dynamics Inc. Display with font
US9734669B1 (en) 2012-04-02 2017-08-15 Dynamics Inc. Cards, devices, systems, and methods for advanced payment game of skill and game of chance functionality
US9818125B2 (en) 2011-02-16 2017-11-14 Dynamics Inc. Systems and methods for information exchange mechanisms for powered cards and devices
US9836680B1 (en) 2011-03-03 2017-12-05 Dynamics Inc. Systems and methods for advanced communication mechanisms for magnetic cards and devices
US9916992B2 (en) 2012-02-20 2018-03-13 Dynamics Inc. Systems and methods for flexible components for powered cards and devices
US10015159B2 (en) 2014-05-27 2018-07-03 Panasonic Intellectual Property Management Co., Ltd. Terminal authentication system, server device, and terminal authentication method
US10022884B1 (en) 2010-10-15 2018-07-17 Dynamics Inc. Systems and methods for alignment techniques for magnetic cards and devices
US10032049B2 (en) 2016-02-23 2018-07-24 Dynamics Inc. Magnetic cards and devices for motorized readers
US10055614B1 (en) 2010-08-12 2018-08-21 Dynamics Inc. Systems and methods for advanced detection mechanisms for magnetic cards and devices
US10062024B1 (en) 2012-02-03 2018-08-28 Dynamics Inc. Systems and methods for spike suppression for dynamic magnetic stripe communications devices
USD828870S1 (en) 2012-08-27 2018-09-18 Dynamics Inc. Display card
US10095970B1 (en) 2011-01-31 2018-10-09 Dynamics Inc. Cards including anti-skimming devices
US10108891B1 (en) 2014-03-21 2018-10-23 Dynamics Inc. Exchange coupled amorphous ribbons for electronic stripes
US10339746B1 (en) 1999-08-10 2019-07-02 Gofigure Payments, Llc Mobile device for making a mobile payment
US10361802B1 (en) 1999-02-01 2019-07-23 Blanding Hovenweep, Llc Adaptive pattern recognition based control system and method
US10461943B1 (en) * 2016-11-14 2019-10-29 Amazon Technologies, Inc. Transparently scalable virtual hardware security module
US10504105B2 (en) 2010-05-18 2019-12-10 Dynamics Inc. Systems and methods for cards and devices operable to communicate to touch sensitive displays
US10567975B2 (en) 2005-10-04 2020-02-18 Hoffberg Family Trust 2 Multifactorial optimization system and method
US10693263B1 (en) 2010-03-16 2020-06-23 Dynamics Inc. Systems and methods for audio connectors for powered cards and devices
US10949627B2 (en) 2012-12-20 2021-03-16 Dynamics Inc. Systems and methods for non-time smearing detection mechanisms for magnetic cards and devices
US11100431B2 (en) 2011-05-10 2021-08-24 Dynamics Inc. Systems and methods for mobile authorizations
US11126997B1 (en) 2012-10-02 2021-09-21 Dynamics Inc. Cards, devices, systems, and methods for a fulfillment system
US11140140B2 (en) 2016-11-14 2021-10-05 Amazon Technologies, Inc. Virtual cryptographic module with load balancer and cryptographic module fleet
US11177961B2 (en) * 2017-12-07 2021-11-16 Nec Corporation Method and system for securely sharing validation information using blockchain technology
US11399020B2 (en) 2019-06-28 2022-07-26 HCL Technologies Italy S.p.A System and method for authenticating server identity during connection establishment with client machine
US11409971B1 (en) 2011-10-23 2022-08-09 Dynamics Inc. Programming and test modes for powered cards and devices
US11418483B1 (en) 2012-04-19 2022-08-16 Dynamics Inc. Cards, devices, systems, and methods for zone-based network management
US11551046B1 (en) 2011-10-19 2023-01-10 Dynamics Inc. Stacked dynamic magnetic stripe communications device for magnetic cards and devices

Families Citing this family (224)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020013898A1 (en) * 1997-06-04 2002-01-31 Sudia Frank W. Method and apparatus for roaming use of cryptographic values
US6085320A (en) * 1996-05-15 2000-07-04 Rsa Security Inc. Client/server protocol for proving authenticity
GB9709136D0 (en) * 1997-05-02 1997-06-25 Certicom Corp A log-on verification protocol
SE512748C2 (en) 1997-05-15 2000-05-08 Access Security Sweden Ab Procedure, active card, system and use of active card to carry out an electronic transaction
US7039802B1 (en) * 1997-06-06 2006-05-02 Thomson Licensing Conditional access system for set-top boxes
US7290288B2 (en) 1997-06-11 2007-10-30 Prism Technologies, L.L.C. Method and system for controlling access, by an authentication server, to protected computer resources provided via an internet protocol network
JP4006796B2 (en) * 1997-11-17 2007-11-14 株式会社日立製作所 Personal information management method and apparatus
GB2331822B (en) * 1997-12-01 2002-04-17 Global Money Transfer Holdings Method and apparatus for money transfers
JP4496440B2 (en) * 1998-01-12 2010-07-07 ソニー株式会社 Encrypted content transmission device
US6738907B1 (en) 1998-01-20 2004-05-18 Novell, Inc. Maintaining a soft-token private key store in a distributed environment
CA2235359C (en) 1998-03-23 2012-04-10 Certicom Corp. Implicit certificate scheme with ca chaining
US7096494B1 (en) 1998-05-05 2006-08-22 Chen Jay C Cryptographic system and method for electronic transactions
US6189096B1 (en) * 1998-05-06 2001-02-13 Kyberpass Corporation User authentification using a virtual private key
US6751729B1 (en) * 1998-07-24 2004-06-15 Spatial Adventures, Inc. Automated operation and security system for virtual private networks
FR2783624B1 (en) * 1998-09-21 2000-12-15 Cit Alcatel CHIP CARD FOR ACCESSING A REMOTE APPLICATION, TERMINAL AND COMMUNICATION SYSTEM THEREOF AND METHOD FOR ACCESSING THE REMOTE APPLICATION USING THIS CHIP CARD
EP1121779A4 (en) * 1998-10-07 2004-09-15 Nuvomedia Inc Certificate handling for digital rights management system
US6145084A (en) * 1998-10-08 2000-11-07 Net I Trust Adaptive communication system enabling dissimilar devices to exchange information over a network
US6438550B1 (en) * 1998-12-10 2002-08-20 International Business Machines Corporation Method and apparatus for client authentication and application configuration via smart cards
IL128720A (en) * 1999-02-25 2009-06-15 Cidway Technologies Ltd Method for certification of over the phone transactions
EP1079565A3 (en) * 1999-08-25 2003-04-02 Activcard Ireland Limited Method of securely establishing a secure communication link via an unsecured communication network
US7085931B1 (en) 1999-09-03 2006-08-01 Secure Computing Corporation Virtual smart card system and method
JP4688270B2 (en) * 1999-10-13 2011-05-25 株式会社ビジュアルジャパン Network type data transmission system, and server and terminal device in the system
US7461022B1 (en) 1999-10-20 2008-12-02 Yahoo! Inc. Auction redemption system and method
US7685423B1 (en) 2000-02-15 2010-03-23 Silverbrook Research Pty Ltd Validation protocol and system
GB0004656D0 (en) * 2000-02-28 2000-04-19 Edentity Limited Information processing system and method
AU2001259494B2 (en) * 2000-05-04 2006-02-02 Mastercard International Incorporated System and method for enabling universal log-in
US7174454B2 (en) 2002-11-19 2007-02-06 America Online, Inc. System and method for establishing historical usage-based hardware trust
EP2148465B9 (en) 2000-06-09 2013-04-17 Certicom Corp. A method for the application of implicit signature schemes
US20040073617A1 (en) 2000-06-19 2004-04-15 Milliken Walter Clark Hash-based systems and methods for detecting and preventing transmission of unwanted e-mail
AU2001271704A1 (en) * 2000-06-29 2002-01-14 Cachestream Corporation Digital rights management
GB2365264B (en) * 2000-07-25 2004-09-29 Vodafone Ltd Telecommunication systems and methods
CA2417919C (en) * 2000-08-04 2012-02-07 Lynn Henry Wheeler Method and system for using electronic communications for an electronic contract
AU2001283215A1 (en) * 2000-08-14 2002-02-25 Yahoo, Inc. Offline-online incentive points system and method
JP2004507010A (en) * 2000-08-22 2004-03-04 シーエムエックス テクノロジーズ ピーティーワイ リミテッド Transaction validation
AUPQ958400A0 (en) * 2000-08-22 2000-09-14 Cmx Technologies Pty Ltd Validation of transactions
US6799197B1 (en) * 2000-08-29 2004-09-28 Networks Associates Technology, Inc. Secure method and system for using a public network or email to administer to software on a plurality of client computers
US7171558B1 (en) 2000-09-22 2007-01-30 International Business Machines Corporation Transparent digital rights management for extendible content viewers
JP3646055B2 (en) * 2000-10-04 2005-05-11 日本電信電話株式会社 Time signature apparatus, signing method thereof, and time signature system
AU2002239500A1 (en) * 2000-10-20 2002-06-03 Wave Systems Corporation Cryptographic data security system and method
AU2002218644A1 (en) * 2000-11-29 2002-06-11 Temasek Polytechnic Enhance authorization system and method for computer security
JP2002215029A (en) * 2001-01-22 2002-07-31 Seiko Epson Corp Information authentication device and digital camera using the same
JP2002237812A (en) * 2001-02-08 2002-08-23 Sega Corp Method of communicating secret data
FR2820916B1 (en) * 2001-02-15 2004-08-20 Gemplus Card Int IDENTIFICATION MODULE PROVIDED WITH A SECURE AUTHENTICATION CODE
JP3693969B2 (en) * 2001-03-19 2005-09-14 株式会社エヌ・ティ・ティ・データ Electronic ticket usage support system
US7603703B2 (en) * 2001-04-12 2009-10-13 International Business Machines Corporation Method and system for controlled distribution of application code and content data within a computer network
WO2003003169A2 (en) * 2001-06-28 2003-01-09 Cloakware Corporation Secure method and system for biometric verification
US20030005317A1 (en) * 2001-06-28 2003-01-02 Audebert Yves Louis Gabriel Method and system for generating and verifying a key protection certificate
US7424615B1 (en) * 2001-07-30 2008-09-09 Apple Inc. Mutually authenticated secure key exchange (MASKE)
ITTO20010771A1 (en) * 2001-08-03 2003-02-03 T I S S Srl AUTHENTICATION METHOD BY STORAGE DEVICE.
US7299351B2 (en) * 2001-09-19 2007-11-20 Microsoft Corporation Peer-to-peer name resolution protocol (PNRP) security infrastructure and method
US7493363B2 (en) 2001-09-19 2009-02-17 Microsoft Corporation Peer-to-peer group management and method for maintaining peer-to-peer graphs
JP2003150641A (en) * 2001-11-14 2003-05-23 Nec Soft Ltd Storage/retrieval method, storage/retrieval device and storage/retrieval program using hash
GB2387678B (en) * 2002-04-18 2005-10-12 Hewlett Packard Co Apparatus for remote working
US20030217148A1 (en) * 2002-05-16 2003-11-20 Mullen Glen H. Method and apparatus for LAN authentication on switch
KR100854896B1 (en) * 2002-06-05 2008-08-28 주식회사 하이닉스반도체 Method for manufacturing flash memory device
ATE416552T1 (en) 2002-07-26 2008-12-15 Koninkl Philips Electronics Nv SECURING ACCESS TO MULTIMEDIA CONTENT THROUGH AUTHENTICATED DISTANCE MEASUREMENT
US7392375B2 (en) 2002-09-18 2008-06-24 Colligo Networks, Inc. Peer-to-peer authentication for real-time collaboration
US7613812B2 (en) * 2002-12-04 2009-11-03 Microsoft Corporation Peer-to-peer identity management interfaces and methods
US20080232590A1 (en) * 2003-01-25 2008-09-25 Rivest Ronald L Micropayment Processing Method and System
US7596625B2 (en) 2003-01-27 2009-09-29 Microsoft Corporation Peer-to-peer grouping interfaces and methods
US20040268127A1 (en) * 2003-06-17 2004-12-30 Sahota Jagdeep Singh Method and systems for securely exchanging data in an electronic transaction
US7774597B2 (en) * 2003-06-27 2010-08-10 Ram Gopal Lakshmi Narayanan System and method for nodes communicating in a shared network segment
US7512785B2 (en) * 2003-07-18 2009-03-31 Intel Corporation Revocation distribution
US7949996B2 (en) 2003-10-23 2011-05-24 Microsoft Corporation Peer-to-peer identity management managed interfaces and methods
US7496648B2 (en) * 2003-10-23 2009-02-24 Microsoft Corporation Managed peer name resolution protocol (PNRP) interfaces for peer to peer networking
US20050113069A1 (en) * 2003-11-25 2005-05-26 Intel Corporation User authentication through separate communication links
US20050144459A1 (en) * 2003-12-15 2005-06-30 Zeewaves Systems, Inc. Network security system and method
US8688803B2 (en) * 2004-03-26 2014-04-01 Microsoft Corporation Method for efficient content distribution using a peer-to-peer networking infrastructure
JP2005286443A (en) * 2004-03-29 2005-10-13 Ntt Data Corp Certificate verification device and computer program thereof
US20050227669A1 (en) * 2004-04-08 2005-10-13 Ixi Mobile (R&D) Ltd. Security key management system and method in a mobile communication network
FR2869175B1 (en) * 2004-04-16 2008-04-18 Audiosmartcard Internat Sa Sa METHOD FOR SECURING OPERATIONS ON A NETWORK AND ASSOCIATED DEVICES
WO2005104431A1 (en) * 2004-04-21 2005-11-03 Matsushita Electric Industrial Co., Ltd. Content providing system, information processing device, and memory card
CA2564904C (en) * 2004-04-30 2011-11-15 Research In Motion Limited System and method for handling certificate revocation lists
JP4550513B2 (en) * 2004-07-28 2010-09-22 三菱電機株式会社 Password generation device, password generation method, password generation system, IC card, authentication device, authentication method, and authentication system
US7899184B2 (en) * 2004-09-02 2011-03-01 Pisaramedia Oy Ends-messaging protocol that recovers and has backward security
US7411546B2 (en) 2004-10-15 2008-08-12 Telecommunication Systems, Inc. Other cell sites used as reference point to cull satellite ephemeris information for quick, accurate assisted locating satellite location determination
US20060130154A1 (en) * 2004-11-30 2006-06-15 Wai Lam Method and system for protecting and verifying stored data
CN100447776C (en) * 2005-03-17 2008-12-31 联想(北京)有限公司 Embedded safety ship of real-time clock and method for correcting real-time clock thereof
US8036140B2 (en) * 2005-04-22 2011-10-11 Microsoft Corporation Application programming interface for inviting participants in a serverless peer to peer network
US7571228B2 (en) 2005-04-22 2009-08-04 Microsoft Corporation Contact management in a serverless peer-to-peer system
US7430607B2 (en) * 2005-05-25 2008-09-30 Microsoft Corporation Source throttling using CPU stamping
EP1737178A1 (en) * 2005-06-24 2006-12-27 Axalto SA Method and system using a portable object for providing an extension to a server
US9137012B2 (en) * 2006-02-03 2015-09-15 Emc Corporation Wireless authentication methods and apparatus
US8668146B1 (en) 2006-05-25 2014-03-11 Sean I. Mcghie Rewards program with payment artifact permitting conversion/transfer of non-negotiable credits to entity independent funds
US10062062B1 (en) 2006-05-25 2018-08-28 Jbshbm, Llc Automated teller machine (ATM) providing money for loyalty points
US7703673B2 (en) 2006-05-25 2010-04-27 Buchheit Brian K Web based conversion of non-negotiable credits associated with an entity to entity independent negotiable funds
US9704174B1 (en) 2006-05-25 2017-07-11 Sean I. Mcghie Conversion of loyalty program points to commerce partner points per terms of a mutual agreement
US8684265B1 (en) 2006-05-25 2014-04-01 Sean I. Mcghie Rewards program website permitting conversion/transfer of non-negotiable credits to entity independent funds
US20080034216A1 (en) * 2006-08-03 2008-02-07 Eric Chun Wah Law Mutual authentication and secure channel establishment between two parties using consecutive one-time passwords
US8763110B2 (en) * 2006-11-14 2014-06-24 Sandisk Technologies Inc. Apparatuses for binding content to a separate memory device
US8079071B2 (en) * 2006-11-14 2011-12-13 SanDisk Technologies, Inc. Methods for accessing content based on a session ticket
US20080114772A1 (en) * 2006-11-14 2008-05-15 Fabrice Jogand-Coulomb Method for connecting to a network location associated with content
US8327454B2 (en) * 2006-11-14 2012-12-04 Sandisk Technologies Inc. Method for allowing multiple users to access preview content
US20080112562A1 (en) * 2006-11-14 2008-05-15 Fabrice Jogand-Coulomb Methods for linking content with license
US20080114693A1 (en) * 2006-11-14 2008-05-15 Fabrice Jogand-Coulomb Method for allowing content protected by a first DRM system to be accessed by a second DRM system
CN101005361B (en) * 2007-01-22 2010-11-03 北京飞天诚信科技有限公司 Server and software protection method and system
US9112681B2 (en) * 2007-06-22 2015-08-18 Fujitsu Limited Method and apparatus for secure information transfer to support migration
EP2179534A4 (en) 2007-07-17 2011-07-27 Certicom Corp Method and system for generating implicit certificates and applications to identity-based encryption (ibe)
CN105117963A (en) * 2007-12-21 2015-12-02 飞天诚信科技股份有限公司 Device and method based on digital signature
US8660268B2 (en) * 2008-04-29 2014-02-25 Red Hat, Inc. Keyed pseudo-random number generator
US9456054B2 (en) 2008-05-16 2016-09-27 Palo Alto Research Center Incorporated Controlling the spread of interests and content in a content centric network
US8156333B2 (en) * 2008-05-29 2012-04-10 Red Hat, Inc. Username based authentication security
US9258113B2 (en) * 2008-08-29 2016-02-09 Red Hat, Inc. Username based key exchange
US9106426B2 (en) 2008-11-26 2015-08-11 Red Hat, Inc. Username based authentication and key generation
US20100293095A1 (en) * 2009-05-18 2010-11-18 Christopher Alan Adkins Method for Secure Identification of a Device
US10157280B2 (en) * 2009-09-23 2018-12-18 F5 Networks, Inc. System and method for identifying security breach attempts of a website
US8923293B2 (en) 2009-10-21 2014-12-30 Palo Alto Research Center Incorporated Adaptive multi-interface use for content networking
US9225526B2 (en) * 2009-11-30 2015-12-29 Red Hat, Inc. Multifactor username based authentication
US9055059B1 (en) 2009-12-16 2015-06-09 Symantec Corporation Combining multiple digital certificates
US8375204B2 (en) 2009-12-16 2013-02-12 Symantec Corporation Method and system to combine multiple digital certificates using the subject alternative name extension
US8364954B2 (en) * 2009-12-16 2013-01-29 Symantec Corporation Method and system for provisioning multiple digital certificates
US9516059B1 (en) 2011-06-28 2016-12-06 EMC IP Holding Company LLC Using mock tokens to protect against malicious activity
US9166958B2 (en) * 2012-07-17 2015-10-20 Texas Instruments Incorporated ID-based control unit-key fob pairing
KR101976006B1 (en) 2012-11-08 2019-05-09 에이치피프린팅코리아 유한회사 User authentication method using self-signed certificate of web server, client device and electronic device including web server performing the same
US20140281502A1 (en) * 2013-03-15 2014-09-18 General Instrument Corporation Method and apparatus for embedding secret information in digital certificates
US9425967B2 (en) 2013-03-20 2016-08-23 Industrial Technology Research Institute Method for certificate generation and revocation with privacy preservation
US9369289B1 (en) * 2013-07-17 2016-06-14 Google Inc. Methods and systems for performing secure authenticated updates of authentication credentials
US10098051B2 (en) 2014-01-22 2018-10-09 Cisco Technology, Inc. Gateways and routing in software-defined manets
US9954678B2 (en) 2014-02-06 2018-04-24 Cisco Technology, Inc. Content-based transport security
US9531679B2 (en) * 2014-02-06 2016-12-27 Palo Alto Research Center Incorporated Content-based transport security for distributed producers
US9836540B2 (en) 2014-03-04 2017-12-05 Cisco Technology, Inc. System and method for direct storage access in a content-centric network
US9626413B2 (en) 2014-03-10 2017-04-18 Cisco Systems, Inc. System and method for ranking content popularity in a content-centric network
US9716622B2 (en) 2014-04-01 2017-07-25 Cisco Technology, Inc. System and method for dynamic name configuration in content-centric networks
US9473576B2 (en) 2014-04-07 2016-10-18 Palo Alto Research Center Incorporated Service discovery using collection synchronization with exact names
US9992281B2 (en) 2014-05-01 2018-06-05 Cisco Technology, Inc. Accountable content stores for information centric networks
US9609014B2 (en) 2014-05-22 2017-03-28 Cisco Systems, Inc. Method and apparatus for preventing insertion of malicious content at a named data network router
US9699198B2 (en) 2014-07-07 2017-07-04 Cisco Technology, Inc. System and method for parallel secure content bootstrapping in content-centric networks
US9621354B2 (en) 2014-07-17 2017-04-11 Cisco Systems, Inc. Reconstructable content objects
US9729616B2 (en) 2014-07-18 2017-08-08 Cisco Technology, Inc. Reputation-based strategy for forwarding and responding to interests over a content centric network
US9590887B2 (en) 2014-07-18 2017-03-07 Cisco Systems, Inc. Method and system for keeping interest alive in a content centric network
EP2980743A1 (en) * 2014-08-01 2016-02-03 Gemalto SA Control method for controlling an integrated circuit card
US9882964B2 (en) 2014-08-08 2018-01-30 Cisco Technology, Inc. Explicit strategy feedback in name-based forwarding
US9729662B2 (en) 2014-08-11 2017-08-08 Cisco Technology, Inc. Probabilistic lazy-forwarding technique without validation in a content centric network
US9800637B2 (en) 2014-08-19 2017-10-24 Cisco Technology, Inc. System and method for all-in-one content stream in content-centric networks
US10069933B2 (en) 2014-10-23 2018-09-04 Cisco Technology, Inc. System and method for creating virtual interfaces based on network characteristics
US9923719B2 (en) * 2014-12-09 2018-03-20 Cryptography Research, Inc. Location aware cryptography
US9590948B2 (en) 2014-12-15 2017-03-07 Cisco Systems, Inc. CCN routing using hardware-assisted hash tables
CN104639531B (en) * 2014-12-15 2018-09-21 南昌市科陆智能电网科技有限公司 Power equipment parameter setting system and power equipment parameter setting method
US10237189B2 (en) 2014-12-16 2019-03-19 Cisco Technology, Inc. System and method for distance-based interest forwarding
US10003520B2 (en) 2014-12-22 2018-06-19 Cisco Technology, Inc. System and method for efficient name-based content routing using link-state information in information-centric networks
US9660825B2 (en) 2014-12-24 2017-05-23 Cisco Technology, Inc. System and method for multi-source multicasting in content-centric networks
US9946743B2 (en) 2015-01-12 2018-04-17 Cisco Technology, Inc. Order encoded manifests in a content centric network
US9954795B2 (en) 2015-01-12 2018-04-24 Cisco Technology, Inc. Resource allocation using CCN manifests
US9916457B2 (en) 2015-01-12 2018-03-13 Cisco Technology, Inc. Decoupled name security binding for CCN objects
US9832291B2 (en) 2015-01-12 2017-11-28 Cisco Technology, Inc. Auto-configurable transport stack
US10333840B2 (en) 2015-02-06 2019-06-25 Cisco Technology, Inc. System and method for on-demand content exchange with adaptive naming in information-centric networks
WO2016131056A1 (en) * 2015-02-13 2016-08-18 Visa International Service Association Confidential communication management
DE102016002792B4 (en) * 2015-03-09 2022-04-28 Hid Global Corporation Biometric secret binding scheme with enhanced privacy protection
US9893885B1 (en) 2015-03-13 2018-02-13 Amazon Technologies, Inc. Updating cryptographic key pair
US9674162B1 (en) 2015-03-13 2017-06-06 Amazon Technologies, Inc. Updating encrypted cryptographic key pair
US10075401B2 (en) 2015-03-18 2018-09-11 Cisco Technology, Inc. Pending interest table behavior
US10003467B1 (en) 2015-03-30 2018-06-19 Amazon Technologies, Inc. Controlling digital certificate use
US9479340B1 (en) 2015-03-30 2016-10-25 Amazon Technologies, Inc. Controlling use of encryption keys
EP3101862A1 (en) * 2015-06-02 2016-12-07 Gemalto Sa Method for managing a secure channel between a server and a secure element
US10733415B1 (en) 2015-06-08 2020-08-04 Cross Match Technologies, Inc. Transformed representation for fingerprint data with high recognition accuracy
EP3104320B1 (en) * 2015-06-12 2018-08-15 EM Microelectronic-Marin SA Method for programming bank data in an integrated circuit of a watch
US10075402B2 (en) 2015-06-24 2018-09-11 Cisco Technology, Inc. Flexible command and control in content centric networks
US10701038B2 (en) 2015-07-27 2020-06-30 Cisco Technology, Inc. Content negotiation in a content centric network
US9986034B2 (en) 2015-08-03 2018-05-29 Cisco Technology, Inc. Transferring state in content centric network stacks
US9832123B2 (en) 2015-09-11 2017-11-28 Cisco Technology, Inc. Network named fragments in a content centric network
US10355999B2 (en) 2015-09-23 2019-07-16 Cisco Technology, Inc. Flow control with network named fragments
US9977809B2 (en) 2015-09-24 2018-05-22 Cisco Technology, Inc. Information and data framework in a content centric network
US10313227B2 (en) 2015-09-24 2019-06-04 Cisco Technology, Inc. System and method for eliminating undetected interest looping in information-centric networks
US10454820B2 (en) 2015-09-29 2019-10-22 Cisco Technology, Inc. System and method for stateless information-centric networking
US10263965B2 (en) 2015-10-16 2019-04-16 Cisco Technology, Inc. Encrypted CCNx
US9794238B2 (en) 2015-10-29 2017-10-17 Cisco Technology, Inc. System for key exchange in a content centric network
US9807205B2 (en) 2015-11-02 2017-10-31 Cisco Technology, Inc. Header compression for CCN messages using dictionary
US9794072B2 (en) * 2015-11-05 2017-10-17 Redline Communications Inc. Certificate exchange mechanism for wireless networking
US9912776B2 (en) 2015-12-02 2018-03-06 Cisco Technology, Inc. Explicit content deletion commands in a content centric network
US11025407B2 (en) * 2015-12-04 2021-06-01 Verisign, Inc. Hash-based digital signatures for hierarchical internet public key infrastructure
US10153905B2 (en) * 2015-12-04 2018-12-11 Verisign, Inc. Hash-based electronic signatures for data sets such as DNSSEC
US10097346B2 (en) 2015-12-09 2018-10-09 Cisco Technology, Inc. Key catalogs in a content centric network
US10078062B2 (en) 2015-12-15 2018-09-18 Palo Alto Research Center Incorporated Device health estimation by combining contextual information with sensor data
US10778435B1 (en) * 2015-12-30 2020-09-15 Jpmorgan Chase Bank, N.A. Systems and methods for enhanced mobile device authentication
US10257271B2 (en) 2016-01-11 2019-04-09 Cisco Technology, Inc. Chandra-Toueg consensus in a content centric network
US9949301B2 (en) 2016-01-20 2018-04-17 Palo Alto Research Center Incorporated Methods for fast, secure and privacy-friendly internet connection discovery in wireless networks
US10305864B2 (en) 2016-01-25 2019-05-28 Cisco Technology, Inc. Method and system for interest encryption in a content centric network
US10043016B2 (en) 2016-02-29 2018-08-07 Cisco Technology, Inc. Method and system for name encryption agreement in a content centric network
US10003507B2 (en) 2016-03-04 2018-06-19 Cisco Technology, Inc. Transport session state protocol
US10051071B2 (en) 2016-03-04 2018-08-14 Cisco Technology, Inc. Method and system for collecting historical network information in a content centric network
US10742596B2 (en) 2016-03-04 2020-08-11 Cisco Technology, Inc. Method and system for reducing a collision probability of hash-based names using a publisher identifier
US10038633B2 (en) 2016-03-04 2018-07-31 Cisco Technology, Inc. Protocol to query for historical network information in a content centric network
US9832116B2 (en) 2016-03-14 2017-11-28 Cisco Technology, Inc. Adjusting entries in a forwarding information base in a content centric network
US10212196B2 (en) 2016-03-16 2019-02-19 Cisco Technology, Inc. Interface discovery and authentication in a name-based network
US10067948B2 (en) 2016-03-18 2018-09-04 Cisco Technology, Inc. Data deduping in content centric networking manifests
US11436656B2 (en) 2016-03-18 2022-09-06 Palo Alto Research Center Incorporated System and method for a real-time egocentric collaborative filter on large datasets
US10091330B2 (en) 2016-03-23 2018-10-02 Cisco Technology, Inc. Interest scheduling by an information and data framework in a content centric network
US10033639B2 (en) 2016-03-25 2018-07-24 Cisco Technology, Inc. System and method for routing packets in a content centric network using anonymous datagrams
US10320760B2 (en) 2016-04-01 2019-06-11 Cisco Technology, Inc. Method and system for mutating and caching content in a content centric network
US9930146B2 (en) 2016-04-04 2018-03-27 Cisco Technology, Inc. System and method for compressing content centric networking messages
US10425503B2 (en) 2016-04-07 2019-09-24 Cisco Technology, Inc. Shared pending interest table in a content centric network
US10027578B2 (en) 2016-04-11 2018-07-17 Cisco Technology, Inc. Method and system for routable prefix queries in a content centric network
US10404450B2 (en) 2016-05-02 2019-09-03 Cisco Technology, Inc. Schematized access control in a content centric network
US10320675B2 (en) 2016-05-04 2019-06-11 Cisco Technology, Inc. System and method for routing packets in a stateless content centric network
US10547589B2 (en) 2016-05-09 2020-01-28 Cisco Technology, Inc. System for implementing a small computer systems interface protocol over a content centric network
US10084764B2 (en) 2016-05-13 2018-09-25 Cisco Technology, Inc. System for a secure encryption proxy in a content centric network
US10063414B2 (en) 2016-05-13 2018-08-28 Cisco Technology, Inc. Updating a transport stack in a content centric network
US10764067B2 (en) * 2016-05-23 2020-09-01 Pomian & Corella, Llc Operation of a certificate authority on a distributed ledger
US10103989B2 (en) 2016-06-13 2018-10-16 Cisco Technology, Inc. Content object return messages in a content centric network
US10305865B2 (en) 2016-06-21 2019-05-28 Cisco Technology, Inc. Permutation-based content encryption with manifests in a content centric network
US10148572B2 (en) 2016-06-27 2018-12-04 Cisco Technology, Inc. Method and system for interest groups in a content centric network
US10009266B2 (en) 2016-07-05 2018-06-26 Cisco Technology, Inc. Method and system for reference counted pending interest tables in a content centric network
US9992097B2 (en) 2016-07-11 2018-06-05 Cisco Technology, Inc. System and method for piggybacking routing information in interests in a content centric network
US10122624B2 (en) 2016-07-25 2018-11-06 Cisco Technology, Inc. System and method for ephemeral entries in a forwarding information base in a content centric network
US10069729B2 (en) 2016-08-08 2018-09-04 Cisco Technology, Inc. System and method for throttling traffic based on a forwarding information base in a content centric network
US10956412B2 (en) 2016-08-09 2021-03-23 Cisco Technology, Inc. Method and system for conjunctive normal form attribute matching in a content centric network
US10033642B2 (en) 2016-09-19 2018-07-24 Cisco Technology, Inc. System and method for making optimal routing decisions based on device-specific parameters in a content centric network
US10212248B2 (en) 2016-10-03 2019-02-19 Cisco Technology, Inc. Cache management on high availability routers in a content centric network
US10447805B2 (en) 2016-10-10 2019-10-15 Cisco Technology, Inc. Distributed consensus in a content centric network
US10135948B2 (en) 2016-10-31 2018-11-20 Cisco Technology, Inc. System and method for process migration in a content centric network
US10243851B2 (en) 2016-11-21 2019-03-26 Cisco Technology, Inc. System and method for forwarder connection information in a content centric network
US11496438B1 (en) 2017-02-07 2022-11-08 F5, Inc. Methods for improved network security using asymmetric traffic delivery and devices thereof
US10791119B1 (en) 2017-03-14 2020-09-29 F5 Networks, Inc. Methods for temporal password injection and devices thereof
US10931662B1 (en) 2017-04-10 2021-02-23 F5 Networks, Inc. Methods for ephemeral authentication screening and devices thereof
JP6548172B2 (en) * 2017-06-12 2019-07-24 パナソニックIpマネジメント株式会社 Terminal authentication system, server device, and terminal authentication method
WO2019147758A1 (en) 2018-01-24 2019-08-01 Sensoriant, Inc. System and method establishing a trust model for shared content on the internet
US10686601B2 (en) 2018-01-24 2020-06-16 Sensoriant, Inc. Consistency and consensus management in decentralized and distributed systems
US10764052B2 (en) 2018-01-24 2020-09-01 Sensoriant, Inc. User identity and trust models in decentralized and distributed systems
US10728020B2 (en) * 2018-01-24 2020-07-28 Sensoriant, Inc. Efficient mining operations in blockchain environments with non-secure devices
US10819526B2 (en) * 2018-02-19 2020-10-27 Microsoft Technology Licensing, Llc Identity-based certificate authority system architecture
US11658995B1 (en) 2018-03-20 2023-05-23 F5, Inc. Methods for dynamically mitigating network attacks and devices thereof
US11502855B1 (en) * 2021-08-26 2022-11-15 International Business Machines Corporation Certificate mirroring
US20230231712A1 (en) * 2022-01-14 2023-07-20 Micron Technology, Inc. Embedded tls protocol for lightweight devices
US20230418926A1 (en) * 2022-06-23 2023-12-28 Microsoft Technology Licensing, Llc Authentication using mutable data

Citations (15)

Publication number Priority date Publication date Assignee Title
US4309569A (en) 1979-09-05 1982-01-05 The Board Of Trustees Of The Leland Stanford Junior University Method of providing digital signatures
EP0148960A1 (en) 1983-12-21 1985-07-24 International Business Machines Corporation Security in data communication systems
US4755940A (en) 1983-09-17 1988-07-05 International Business Machines Corporation Transaction security system
US4885778A (en) 1984-11-30 1989-12-05 Weiss Kenneth P Method and apparatus for synchronizing generation of separate, free running, time dependent equipment
US5005200A (en) 1988-02-12 1991-04-02 Fischer Addison M Public key/signature cryptosystem with enhanced digital signature certification
WO1993010509A1 (en) 1991-11-12 1993-05-27 Security Domain Pty. Ltd. Method and system for secure, decentralised personalisation of smart cards
US5222140A (en) 1991-11-08 1993-06-22 Bell Communications Research, Inc. Cryptographic method for key agreement and user authentication
US5224163A (en) 1990-09-28 1993-06-29 Digital Equipment Corporation Method for delegating authorization from one entity to another through the use of session encryption keys
US5261002A (en) 1992-03-13 1993-11-09 Digital Equipment Corporation Method of issuance and revocation of certificates of authenticity used in public key networks and other systems
US5367573A (en) 1993-07-02 1994-11-22 Digital Equipment Corporation Signature data object
US5428684A (en) 1991-09-30 1995-06-27 Fujitsu Limited Electronic cashless transaction system
US5444780A (en) 1993-07-22 1995-08-22 International Business Machines Corporation Client/server based secure timekeeping system
EP0678836A1 (en) 1986-08-22 1995-10-25 Tandem Computers Incorporated Method and means for combining and managing personal verification and message authentication encryptions for network transmission
US5625693A (en) 1995-07-07 1997-04-29 Thomson Consumer Electronics, Inc. Apparatus and method for authenticating transmitting applications in an interactive TV system
US6085320A (en) * 1996-05-15 2000-07-04 Rsa Security Inc. Client/server protocol for proving authenticity

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5757914A (en) * 1995-10-26 1998-05-26 Sun Microsystems, Inc. System and method for protecting use of dynamically linked executable modules
US5963649A (en) * 1995-12-19 1999-10-05 Nec Corporation Message authorization system for authorizing message for electronic document

Non-Patent Citations (12)

* Cited by examiner, † Cited by third party
Title
"Information Technology-Security Techniques-Digital Signature Scheme Giving Message Recovery," International Standard ISO/IEC 9796 : 1991, pp. i-12.
"Secure Electronic Transaction (SET) specification", Book 2: Programmers Guide, pp. 56-58, Jun. 21, 1996.
Bellare, et al. "Optimal Asymmetric Encryption-How to Encrypt with RSA," Nov. 19, 1995, available from http://www-cse.ucsd.edu/users/mihir/papers/pke.html, based on an earlier paper published in Advances in Cryptology-Eurocrypt 94 Proceedings, Lecture Notes in Computer Science vol. 950, A. De Santis ed., Springer-Verlag, 1994.
Beller, M.J., et al., "Fully-Fledged Two-Way Public Key Authentication and Key Agreement for Low-Cost Terminals," Electronics Letters, vol. 29, No. 11, May 27, 1993, pp. 999-1000.
European Patent Office, European Search Report, International Application No. EP 97 30 3229, date of completion of search May 14, 1999, 2 pages.
Guillou, Louis, et al. "A Practical Zero-Knowledge Protocol Fitted to Security Microprocessor Minimizing Both Transmission and Memory," Advances in Cryptology-Eurocrypt '88, Springer-Verlag, 1988, pp. 123-128.
PKCS #1: RSA Encryption Standard, An RSA Laboratories Technical Note, Version 1.5, Revised Nov. 1, 1993, pp. 1-17.
RSA Laboratories, PKCS #1 v2.0: RSA Cryptography Standard, Oct. 1, 1998, pp. 1-36.
SET Secure Electronic Transaction Specification, Book 2: Programmer's Guide, Version 1.0, May 31, 1997, pp. 207-213.

Cited By (658)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8892495B2 (en) 1991-12-23 2014-11-18 Blanding Hovenweep, Llc Adaptive pattern recognition based controller apparatus and method and human-interface therefore
US20020188843A1 (en) * 1996-05-14 2002-12-12 Kocher Paul Carl Apparatus and method for demonstrating and confirming the status of digital certificates and other data
US6901509B1 (en) 1996-05-14 2005-05-31 Tumbleweed Communications Corp. Apparatus and method for demonstrating and confirming the status of a digital certificates and other data
US7073056B2 (en) * 1996-05-14 2006-07-04 Tumbleweed Communications Corp. Apparatus and method for demonstrating and confirming the status of digital certificates and other data
US7526644B2 (en) 1996-05-14 2009-04-28 Axway Inc. Apparatus and method for demonstrating and confirming the status of digital certificates and other data
US8165965B2 (en) 1997-06-27 2012-04-24 Swisscom Ag Transaction method with a mobile apparatus
US7774609B2 (en) 1997-10-28 2010-08-10 First Data Mobile Holdings Limited Process for digital signing of a message
US20090034730A1 (en) * 1997-10-28 2009-02-05 Encorus Holdings Limited Process for digital signing of a message
US6868403B1 (en) 1998-02-06 2005-03-15 Microsoft Corporation Secure online music distribution system
US6385596B1 (en) 1998-02-06 2002-05-07 Liquid Audio, Inc. Secure online music distribution system
US6389536B1 (en) * 1998-02-09 2002-05-14 Fuji Xerox Co., Ltd. Device for verifying use qualifications
US7386727B1 (en) 1998-10-24 2008-06-10 Encorus Holdings Limited Method for digital signing of a message
US10361802B1 (en) 1999-02-01 2019-07-23 Blanding Hovenweep, Llc Adaptive pattern recognition based control system and method
US8369967B2 (en) 1999-02-01 2013-02-05 Hoffberg Steven M Alarm system controller and a method for controlling an alarm system
US9535563B2 (en) 1999-02-01 2017-01-03 Blanding Hovenweep, Llc Internet appliance system and method
US7099848B1 (en) * 1999-02-16 2006-08-29 Listen.Com, Inc. Audio delivery and rendering method and apparatus
US20040049521A1 (en) * 1999-02-26 2004-03-11 Authentidate Holding Corp. Digital file management and imaging system and method including secure file marking
US7069439B1 (en) 1999-03-05 2006-06-27 Hewlett-Packard Development Company, L.P. Computing apparatus and methods using secure authentication arrangements
US6367019B1 (en) * 1999-03-26 2002-04-02 Liquid Audio, Inc. Copy security for portable music players
US7137012B1 (en) * 1999-06-16 2006-11-14 Kabushiki Kaisha Toshiba Storage medium and contents protection method using the storage medium
US6760752B1 (en) * 1999-06-28 2004-07-06 Zix Corporation Secure transmission system
US7493661B2 (en) 1999-06-28 2009-02-17 Zix Corporation Secure transmission system
US20040249817A1 (en) * 1999-06-28 2004-12-09 Zix Corporation, A Texas Corporation Secure transmission system
US10339746B1 (en) 1999-08-10 2019-07-02 Gofigure Payments, Llc Mobile device for making a mobile payment
US7174569B1 (en) * 1999-08-13 2007-02-06 Cisco Technology, Inc. Client security for networked applications
US9519894B2 (en) 1999-08-31 2016-12-13 Gula Consulting Limited Liability Company Methods and apparatus for conducting electronic transactions
US20120265690A1 (en) * 1999-08-31 2012-10-18 American Express Travel Related Services Company, Inc. Methods and apparatus for conducting electronic transactions
US8938402B2 (en) 1999-08-31 2015-01-20 Lead Core Fund, L.L.C. Methods and apparatus for conducting electronic transactions
US8924310B2 (en) 1999-08-31 2014-12-30 Lead Core Fund, L.L.C. Methods and apparatus for conducting electronic transactions
US7137006B1 (en) 1999-09-24 2006-11-14 Citicorp Development Center, Inc. Method and system for single sign-on user access to multiple web servers
US7640186B1 (en) * 1999-11-16 2009-12-29 Cfph, Llc Systems and methods for reselling electronic merchandise
US7213149B2 (en) * 1999-12-02 2007-05-01 Sony Deutschland Gmbh Message authentication
US20010002929A1 (en) * 1999-12-02 2001-06-07 Niels Mache Message authentication
US7949875B2 (en) 1999-12-02 2011-05-24 Sony Deutschland Gmbh Message authentication
US20070162757A1 (en) * 1999-12-02 2007-07-12 Sony Deutschland Gmbh Message authentication
US7437561B2 (en) * 2000-04-03 2008-10-14 Thomson Licensing S.A. Authentication of data transmitted in a digital transmission system
US20040125959A1 (en) * 2000-04-03 2004-07-01 Beuque Jean-Bernard Gerard Maurice Authentication of data transmitted in a digital transmission system
US7215771B1 (en) 2000-06-30 2007-05-08 Western Digital Ventures, Inc. Secure disk drive comprising a secure drive key and a drive ID for implementing secure communication over a public network
US7035638B2 (en) * 2000-07-21 2006-04-25 Telefonktiebolaget Lm Ericsson (Publ) Method and apparatus for enhanced short message service
US20040048627A1 (en) * 2000-07-21 2004-03-11 Ulises Olvera-Hernandez Method and apparatus for enhanced short message service
US20030041110A1 (en) * 2000-07-28 2003-02-27 Storymail, Inc. System, Method and Structure for generating and using a compressed digital certificate
US7155616B1 (en) 2000-07-31 2006-12-26 Western Digital Ventures, Inc. Computer network comprising network authentication facilities implemented in a disk drive
US7003674B1 (en) 2000-07-31 2006-02-21 Western Digital Ventures, Inc. Disk drive employing a disk with a pristine area for storing encrypted data accessible only by trusted devices or clients to facilitate secure network communications
US20020056040A1 (en) * 2000-08-10 2002-05-09 Timothy J. Simms System and method for establishing secure communication
US7373507B2 (en) * 2000-08-10 2008-05-13 Plethora Technology, Inc. System and method for establishing secure communication
US20020054334A1 (en) * 2000-08-25 2002-05-09 Harrison Keith Alexander Document transmission Techniques I
US20020032862A1 (en) * 2000-08-25 2002-03-14 Harrison Keith Alexander Document Transmission techniques II
US7392388B2 (en) 2000-09-07 2008-06-24 Swivel Secure Limited Systems and methods for identity verification for secure transactions
US20020059146A1 (en) * 2000-09-07 2002-05-16 Swivel Technologies Limited Systems and methods for identity verification for secure transactions
US20020029342A1 (en) * 2000-09-07 2002-03-07 Keech Winston Donald Systems and methods for identity verification for secure transactions
US7681228B2 (en) 2000-11-03 2010-03-16 Authernative, Inc. Method of one time authentication response to a session-specific challenge indicating a random subset of password or PIN character positions
US20060136317A1 (en) * 2000-11-03 2006-06-22 Authernative, Inc. Method of one time authentication response to a session-specific challenge indicating a random subset of password or PIN character positions
US7379916B1 (en) 2000-11-03 2008-05-27 Authernative, Inc. System and method for private secure financial transactions
US20020095589A1 (en) * 2000-11-28 2002-07-18 Keech Winston Donald Secure file transfer method and system
US7035274B2 (en) * 2000-12-20 2006-04-25 Intel Corporation Techniques for storing data on message queuing middleware servers without registration of the sending application
US20020110147A1 (en) * 2000-12-20 2002-08-15 Eatough David Arthur Techniques for storing data on message queuing middleware servers without registration of the sending application
US20020129261A1 (en) * 2001-03-08 2002-09-12 Cromer Daryl Carvis Apparatus and method for encrypting and decrypting data recorded on portable cryptographic tokens
US20020184504A1 (en) * 2001-03-26 2002-12-05 Eric Hughes Combined digital signature
US7975139B2 (en) * 2001-05-01 2011-07-05 Vasco Data Security, Inc. Use and generation of a session key in a secure socket layer connection
US20110231650A1 (en) * 2001-05-01 2011-09-22 Frank Coulier Use and generation of a session key in a secure socket layer connection
US20020166048A1 (en) * 2001-05-01 2002-11-07 Frank Coulier Use and generation of a session key in a secure socket layer connection
US20040236953A1 (en) * 2001-05-15 2004-11-25 Olivier Merenne Method and device for transmitting an electronic message
US7143285B2 (en) 2001-05-22 2006-11-28 International Business Machines Corporation Password exposure elimination for digital signature coupling with a host identity
US20020196764A1 (en) * 2001-06-25 2002-12-26 Nec Corporation Method and system for authentication in wireless LAN system
US20040177252A1 (en) * 2001-06-27 2004-09-09 Luc Vallee Cryptographic authentication process
US7451314B2 (en) * 2001-06-27 2008-11-11 France Telecom Cryptographic authentication process
US7249256B2 (en) 2001-07-11 2007-07-24 Anoto Ab Encryption protocol
US20030021419A1 (en) * 2001-07-11 2003-01-30 Hansen Mads Dore Encryption protocol
WO2003007228A1 (en) * 2001-07-11 2003-01-23 Anoto Ab Encryption protocol
US7779267B2 (en) * 2001-09-04 2010-08-17 Hewlett-Packard Development Company, L.P. Method and apparatus for using a secret in a distributed computing system
US20030046542A1 (en) * 2001-09-04 2003-03-06 Hewlett-Packard Company Method and apparatus for using a secret in a distributed computing system
US20030101343A1 (en) * 2001-11-27 2003-05-29 Eaton Eric Thomas System for providing continuity between messaging clients and method therefor
US6983370B2 (en) * 2001-11-27 2006-01-03 Motorola, Inc. System for providing continuity between messaging clients and method therefor
US7676583B2 (en) 2002-02-08 2010-03-09 Motorola, Inc. System for providing continuity between session clients and method therefor
US20060212585A1 (en) * 2002-02-08 2006-09-21 Eaton Eric T System for providing continuity between session clients and method therefor
US20060173794A1 (en) * 2002-02-27 2006-08-03 Imagineer Software, Inc. Secure electronic commerce using mutating identifiers
US20060031175A1 (en) * 2002-02-27 2006-02-09 Imagineer Software, Inc. Multiple party content distribution system and method with rights management features
US7725404B2 (en) 2002-02-27 2010-05-25 Imagineer Software, Inc. Secure electronic commerce using mutating identifiers
US20050010536A1 (en) * 2002-02-27 2005-01-13 Imagineer Software, Inc. Secure communication and real-time watermarking using mutating identifiers
US7376624B2 (en) 2002-02-27 2008-05-20 Imagineer Software, Inc. Secure communication and real-time watermarking using mutating identifiers
US20030187799A1 (en) * 2002-02-27 2003-10-02 William Sellars Multiple party content distribution system and method with rights management features
US20060195402A1 (en) * 2002-02-27 2006-08-31 Imagineer Software, Inc. Secure data transmission using undiscoverable or black data
US6996544B2 (en) 2002-02-27 2006-02-07 Imagineer Software, Inc. Multiple party content distribution system and method with rights management features
US9602968B2 (en) 2002-03-28 2017-03-21 Telecommunication Systems, Inc. Area watcher for wireless network
US20030186699A1 (en) * 2002-03-28 2003-10-02 Arlene Havlark Wireless telecommunications location based services scheme selection
US8983048B2 (en) 2002-03-28 2015-03-17 Telecommunication Systems, Inc. Location derived presence information
US20070202851A1 (en) * 2002-03-28 2007-08-30 Hines Gordon J Area watcher for wireless network
US20110211494A1 (en) * 2002-03-28 2011-09-01 Rhodes Jeffrey C Public safety access point (PSAP) selection for E911 wireless callers in a GSM type system
US9154906B2 (en) 2002-03-28 2015-10-06 Telecommunication Systems, Inc. Area watcher for wireless network
US20030188180A1 (en) * 2002-03-28 2003-10-02 Overney Gregor T. Secure file verification station for ensuring data integrity
US9599717B2 (en) 2002-03-28 2017-03-21 Telecommunication Systems, Inc. Wireless telecommunications location based services scheme selection
US9220958B2 (en) 2002-03-28 2015-12-29 Telecommunications Systems, Inc. Consequential location derived information
US8032112B2 (en) 2002-03-28 2011-10-04 Telecommunication Systems, Inc. Location derived presence information
US8126889B2 (en) 2002-03-28 2012-02-28 Telecommunication Systems, Inc. Location fidelity adjustment based on mobile subscriber privacy profile
US9398419B2 (en) 2002-03-28 2016-07-19 Telecommunication Systems, Inc. Location derived presence information
US20040203597A1 (en) * 2002-03-28 2004-10-14 Pitt Lance Douglas Mobile subscriber privacy evaluation using solicited vs. unsolicited differentiation
US20080242260A1 (en) * 2002-03-28 2008-10-02 Arlene Havlark Wireless telecommunications location based services scheme selection
US20030187803A1 (en) * 2002-03-28 2003-10-02 Pitt Lance Douglas Location fidelity adjustment based on mobile subscriber privacy profile
US8918073B2 (en) 2002-03-28 2014-12-23 Telecommunication Systems, Inc. Wireless telecommunications location based services scheme selection
US8532277B2 (en) 2002-03-28 2013-09-10 Telecommunication Systems, Inc. Location derived presence information
US20030191945A1 (en) * 2002-04-03 2003-10-09 Swivel Technologies Limited System and method for secure credit and debit card transactions
US20030208677A1 (en) * 2002-05-03 2003-11-06 Microsoft Corporation Methods for iteratively deriving security keys for communications sessions
US7464265B2 (en) * 2002-05-03 2008-12-09 Microsoft Corporation Methods for iteratively deriving security keys for communications sessions
US7370350B1 (en) * 2002-06-27 2008-05-06 Cisco Technology, Inc. Method and apparatus for re-authenticating computing devices
US20040008846A1 (en) * 2002-07-10 2004-01-15 Alexander Medvinsky Method of preventing unauthorized distribution and use of electronic keys using a key seed
US7352867B2 (en) * 2002-07-10 2008-04-01 General Instrument Corporation Method of preventing unauthorized distribution and use of electronic keys using a key seed
US20040030888A1 (en) * 2002-08-08 2004-02-12 Roh Jong Hyuk Method of validating certificate by certificate validation server using certificate policies and certificate policy mapping in public key infrastructure
US7478236B2 (en) * 2002-08-08 2009-01-13 Electronics And Telecommunications Research Institute Method of validating certificate by certificate validation server using certificate policies and certificate policy mapping in public key infrastructure
US7484089B1 (en) * 2002-09-06 2009-01-27 Citicorp Developmemt Center, Inc. Method and system for certificate delivery and management
US20040098582A1 (en) * 2002-09-19 2004-05-20 Konami Corporation Certification processing hardware, certification processing system and use management hardware
US7409560B2 (en) * 2002-09-19 2008-08-05 Konami Digital Entertainment Co., Ltd. Certification processing hardware, certification processing system and use management hardware
US7840806B2 (en) * 2002-10-16 2010-11-23 Enterprise Information Management, Inc. System and method of non-centralized zero knowledge authentication for a computer network
US20080307488A1 (en) * 2002-10-16 2008-12-11 Innerwall, Inc. Systems And Methods For Enterprise Security With Collaborative Peer To Peer Architecture
US20040123156A1 (en) * 2002-10-16 2004-06-24 Hammond Frank J. System and method of non-centralized zero knowledge authentication for a computer network
US20110072265A1 (en) * 2002-10-16 2011-03-24 Hammond Ii Frank J System And Method Of Non-Centralized Zero Knowledge Authentication For A Computer Network
US8239917B2 (en) 2002-10-16 2012-08-07 Enterprise Information Management, Inc. Systems and methods for enterprise security with collaborative peer to peer architecture
US8666397B2 (en) 2002-12-13 2014-03-04 Telecommunication Systems, Inc. Area event handling when current network does not cover target area
US7188314B2 (en) 2002-12-23 2007-03-06 Authernative, Inc. System and method for user authentication interface
US7644433B2 (en) 2002-12-23 2010-01-05 Authernative, Inc. Authentication system and method based upon random partial pattern recognition
US7577987B2 (en) 2002-12-23 2009-08-18 Authernative, Inc. Operation modes for user authentication system based on random partial pattern recognition
US20040123160A1 (en) * 2002-12-23 2004-06-24 Authenture, Inc. Authentication system and method based upon random partial pattern recognition
US20040123151A1 (en) * 2002-12-23 2004-06-24 Authenture, Inc. Operation modes for user authentication system based on random partial pattern recognition
US20040119746A1 (en) * 2002-12-23 2004-06-24 Authenture, Inc. System and method for user authentication interface
US20040193923A1 (en) * 2003-01-16 2004-09-30 Hammond Frank J. Systems and methods for enterprise security with collaborative peer to peer architecture
US20050195975A1 (en) * 2003-01-21 2005-09-08 Kevin Kawakita Digital media distribution cryptography using media ticket smart cards
GB2397678A (en) * 2003-01-23 2004-07-28 Sema Uk Ltd A secure terminal for use with a smart card based loyalty scheme
US20040154459A1 (en) * 2003-01-28 2004-08-12 Yamaha Corporation Apparatus for reproduction song data with limitation dependent on preview or purchase
US7958054B2 (en) * 2003-01-28 2011-06-07 Yamaha Corporation Apparatus for reproduction song data with limitation dependent on preview or purchase
US7343159B2 (en) * 2003-03-06 2008-03-11 Sony Corporation Wireless communication system, terminal, message sending method, and program for allowing terminal to execute the method
US20050003814A1 (en) * 2003-03-06 2005-01-06 Sony Corporation Wireless communication system, terminal, message sending method, and program for allowing terminal to execute the method
US9210681B2 (en) 2003-03-06 2015-12-08 Sony Corporation Wireless communication system, terminal, message sending method, and program for allowing terminal to execute the method
US20080119185A1 (en) * 2003-03-06 2008-05-22 Sony Corporation Wireless communication system, terminal, message sending method, and program for allowing terminal to execute the method
US8320912B2 (en) 2003-03-06 2012-11-27 Sony Corporation Wireless communication system, terminal, message sending method, and program for allowing terminal to execute the method
US20040225880A1 (en) * 2003-05-07 2004-11-11 Authenture, Inc. Strong authentication systems built on combinations of "what user knows" authentication factors
US20040225899A1 (en) * 2003-05-07 2004-11-11 Authenture, Inc. Authentication system and method based upon random partial digitized path recognition
US7073067B2 (en) 2003-05-07 2006-07-04 Authernative, Inc. Authentication system and method based upon random partial digitized path recognition
US7499548B2 (en) * 2003-06-24 2009-03-03 Intel Corporation Terminal authentication in a wireless network
US7266685B1 (en) * 2003-06-24 2007-09-04 Arraycomm, Llc Time certification in a wireless communications network
WO2005006627A3 (en) * 2003-06-24 2006-09-21 Arraycomm Inc Terminal identity masking in a wireless network
US20040264699A1 (en) * 2003-06-24 2004-12-30 Meandzija Branislav N. Terminal authentication in a wireless network
US20050005095A1 (en) * 2003-06-24 2005-01-06 Meandzija Branislav N. Terminal identity masking in a wireless network
WO2005006627A2 (en) * 2003-06-24 2005-01-20 Arraycomm, Inc. Terminal identity masking in a wireless network
US7302565B2 (en) * 2003-06-24 2007-11-27 Arraycomm Llc Terminal identity masking in a wireless network
WO2005008950A1 (en) * 2003-07-10 2005-01-27 Rsa Security, Inc. Secure seed generation protocol
US20060177056A1 (en) * 2003-07-10 2006-08-10 Peter Rostin Secure seed generation protocol
US7979707B2 (en) 2003-07-10 2011-07-12 Emc Corporation Secure seed generation protocol
US20050050328A1 (en) * 2003-09-02 2005-03-03 Authenture, Inc. Key generation method for communication session encryption and authentication system
US20050050322A1 (en) * 2003-09-02 2005-03-03 Authenture, Inc. Key conversion method for communication session encryption and authentication system
US20050050323A1 (en) * 2003-09-02 2005-03-03 Authenture, Inc. Communication session encryption and authentication system
US7506161B2 (en) 2003-09-02 2009-03-17 Authernative, Inc. Communication session encryption and authentication system
US7581100B2 (en) 2003-09-02 2009-08-25 Authernative, Inc. Key generation method for communication session encryption and authentication system
US7299356B2 (en) 2003-09-02 2007-11-20 Authernative, Inc. Key conversion method for communication session encryption and authentication system
US7430606B1 (en) 2003-10-17 2008-09-30 Arraycomm, Llc Reducing certificate revocation lists at access points in a wireless access network
US20050086468A1 (en) * 2003-10-17 2005-04-21 Branislav Meandzija Digital certificate related to user terminal hardware in a wireless network
US20050109841A1 (en) * 2003-11-17 2005-05-26 Ryan Dennis J. Multi-interface compact personal token apparatus and methods of use
US7762470B2 (en) 2003-11-17 2010-07-27 Dpd Patent Trust Ltd. RFID token with multiple interface controller
US7213766B2 (en) 2003-11-17 2007-05-08 Dpd Patent Trust Ltd Multi-interface compact personal token apparatus and methods of use
US7597250B2 (en) 2003-11-17 2009-10-06 Dpd Patent Trust Ltd. RFID reader with multiple interfaces
US8626160B2 (en) 2003-12-02 2014-01-07 Telecommunication Systems, Inc. User plane location based service using message tunneling to support roaming
US20050118999A1 (en) * 2003-12-02 2005-06-02 Yinjun Zhu User plane location based service using message tunneling to support roaming
US20110134839A1 (en) * 2003-12-02 2011-06-09 Yinjun Zhu User plane location based service using message tunneling to support roaming
US7890102B2 (en) 2003-12-02 2011-02-15 TeleCommunication User plane location based service using message tunneling to support roaming
US8126458B2 (en) 2003-12-02 2012-02-28 Telecommunication Systems, Inc. User plane location based service using message tunneling to support roaming
US8146141B1 (en) 2003-12-16 2012-03-27 Citibank Development Center, Inc. Method and system for secure authentication of a user by a host system
US8650625B2 (en) 2003-12-16 2014-02-11 Citibank Development Center, Inc. Method and system for secure authentication of a user by a host system
US8302172B2 (en) 2003-12-16 2012-10-30 Citibank Development Center, Inc. Methods and systems for secure authentication of a user by a host system
US8798572B2 (en) 2003-12-18 2014-08-05 Telecommunication Systems, Inc. Solutions for voice over internet protocol (VoIP) 911 location services
US7912446B2 (en) 2003-12-19 2011-03-22 Telecommunication Systems, Inc. Solutions for voice over internet protocol (VoIP) 911 location services
US9088614B2 (en) 2003-12-19 2015-07-21 Telecommunications Systems, Inc. User plane location services over session initiation protocol (SIP)
US8369825B2 (en) 2003-12-19 2013-02-05 Telecommunication Systems, Inc. Enhanced E911 network access for a call center using session initiation protocol (SIP) messaging
US9237228B2 (en) 2003-12-19 2016-01-12 Telecommunication Systems, Inc. Solutions for voice over internet protocol (VoIP) 911 location services
US8385881B2 (en) 2003-12-19 2013-02-26 Telecommunication Systems, Inc. Solutions for voice over internet protocol (VoIP) 911 location services
US9125039B2 (en) 2003-12-19 2015-09-01 Telecommunication Systems, Inc. Enhanced E911 network access for a call center using session initiation protocol (SIP) messaging
US9197992B2 (en) 2003-12-19 2015-11-24 Telecommunication Systems, Inc. User plane location services over session initiation protocol (SIP)
US20090004999A1 (en) * 2003-12-19 2009-01-01 Yinjun Zhu Solutions for voice over internet protocol (VoIP) 911 location services
US20050138361A1 (en) * 2003-12-22 2005-06-23 Mart Saarepera System and method for generating a digital certificate
US20100199087A1 (en) * 2003-12-22 2010-08-05 Guardtime As System and method for generating a digital certificate
US7698557B2 (en) 2003-12-22 2010-04-13 Guardtime As System and method for generating a digital certificate
US8347372B2 (en) 2003-12-22 2013-01-01 Guardtime Ip Holdings Limited System and method for generating a digital certificate
US20100199342A1 (en) * 2003-12-22 2010-08-05 Guardtime As System and method for generating a digital certificate
US8312528B2 (en) 2003-12-22 2012-11-13 Guardtime Ip Holdings Limited System and method for generating a digital certificate
US20050154671A1 (en) * 2004-01-08 2005-07-14 International Business Machines Corporation Systems and methods for mitigating identity theft associated with use of credit and debit cards
US7350070B2 (en) 2004-04-12 2008-03-25 Hewlett-Packard Development Company, L.P. Method and system for cryptographically secure hashed end marker of streaming data
US20050226419A1 (en) * 2004-04-12 2005-10-13 Smathers Kevin L Method and system for cryptographically secure hashed end marker of streaming data
US20050240998A1 (en) * 2004-04-22 2005-10-27 International Business Machines Corporation System and method for user determination of secure software
US7464406B2 (en) 2004-04-22 2008-12-09 Lenovo (Singapore) Pte. Ltd. System and method for user determination of secure software
US8079070B2 (en) 2004-07-15 2011-12-13 Anakam LLC System and method for blocking unauthorized network log in using stolen password
US20060015743A1 (en) * 2004-07-15 2006-01-19 Anakam L.L.C. System and method for blocking unauthorized network log in using stolen password
US8296562B2 (en) 2004-07-15 2012-10-23 Anakam, Inc. Out of band system and method for authentication
US20100100967A1 (en) * 2004-07-15 2010-04-22 Douglas James E Secure collaborative environment
US20080250477A1 (en) * 2004-07-15 2008-10-09 Anakam Inc. System and method for second factor authentication services
US9047473B2 (en) 2004-07-15 2015-06-02 Anakam, Inc. System and method for second factor authentication services
US7676834B2 (en) 2004-07-15 2010-03-09 Anakam L.L.C. System and method for blocking unauthorized network log in using stolen password
US8528078B2 (en) 2004-07-15 2013-09-03 Anakam, Inc. System and method for blocking unauthorized network log in using stolen password
US20090259848A1 (en) * 2004-07-15 2009-10-15 Williams Jeffrey B Out of band system and method for authentication
US8219822B2 (en) 2004-07-15 2012-07-10 Anakam, Inc. System and method for blocking unauthorized network log in using stolen password
US20060015742A1 (en) * 2004-07-15 2006-01-19 Allan Camaisa System and method for blocking unauthorized network log in using stolen password
US20070266257A1 (en) * 2004-07-15 2007-11-15 Allan Camaisa System and method for blocking unauthorized network log in using stolen password
US20060069921A1 (en) * 2004-07-15 2006-03-30 Allan Camaisa System and method for blocking unauthorized network log in using stolen password
US8533791B2 (en) 2004-07-15 2013-09-10 Anakam, Inc. System and method for second factor authentication services
US20060048210A1 (en) * 2004-09-01 2006-03-02 Hildre Eric A System and method for policy enforcement in structured electronic messages
US20060059548A1 (en) * 2004-09-01 2006-03-16 Hildre Eric A System and method for policy enforcement and token state monitoring
US20110010766A1 (en) * 2004-09-01 2011-01-13 Hildre Eric Arnold System and Method for Policy Enforcement and Token State Monitoring
US20060059546A1 (en) * 2004-09-01 2006-03-16 David Nester Single sign-on identity and access management and user authentication method and apparatus
WO2006035159A1 (en) * 2004-09-29 2006-04-06 France Telecom Public key cryptographic method and system, certification server and memories adapted for said system
FR2875977A1 (en) * 2004-09-29 2006-03-31 France Telecom CRYPTOGRAPHIC SYSTEM AND METHOD WITH A PUBLIC KEY AND CERTIFICATION SERVER, MEMORIES ADAPTED FOR THIS SYSTEM
US20080159543A1 (en) * 2004-09-29 2008-07-03 France Telecom Public Key Cryptographic Method And System, Certification Server And Memories Adapted For Said System
WO2006041569A2 (en) * 2004-10-05 2006-04-20 Symbol Technologies, Inc. Apparatus and method for authenticating access to a network resource using multiple shared devices
WO2006041569A3 (en) * 2004-10-05 2008-01-10 Symbol Technologies Inc Apparatus and method for authenticating access to a network resource using multiple shared devices
US20060075230A1 (en) * 2004-10-05 2006-04-06 Baird Leemon C Iii Apparatus and method for authenticating access to a network resource using multiple shared devices
US7782254B2 (en) 2004-10-15 2010-08-24 Telecommunication Systems, Inc. Culled satellite ephemeris information based on limiting a span of an inverted cone for locating satellite in-range determinations
US20090015469A1 (en) * 2004-10-15 2009-01-15 Lance Douglas Pitt Culled satellite ephemeris information for quick, accurate assisted locating satellite location determination for cell site antennas
US8681044B2 (en) 2004-10-15 2014-03-25 Telecommunication Systems, Inc. Culled satellite ephemeris information for quick, accurate assisted locating satellite location determination for cell site antennas
US20080036655A1 (en) * 2004-10-15 2008-02-14 Lance Douglas Pitt Culled satellite ephemeris information based on limiting a span of an inverted cone for locating satellite in-range determinations
US20100045520A1 (en) * 2004-10-15 2010-02-25 Lance Douglas Pitt Culled satellite ephemeris information for quick, accurate assisted locating satellite location determination for cell site antennas
AU2005225093B2 (en) * 2004-10-29 2008-09-25 Blackberry Limited System and method for verifying digital signatures on certificates
US8725643B2 (en) 2004-10-29 2014-05-13 Blackberry Limited System and method for verifying digital signatures on certificates
US20060095388A1 (en) * 2004-10-29 2006-05-04 Research In Motion Limited System and method for verifying digital signatures on certificates
US20100211795A1 (en) * 2004-10-29 2010-08-19 Research In Motion Limited System and method for verifying digital signatures on certificates
US7716139B2 (en) * 2004-10-29 2010-05-11 Research In Motion Limited System and method for verifying digital signatures on certificates
US9621352B2 (en) 2004-10-29 2017-04-11 Blackberry Limited System and method for verifying digital signatures on certificates
US20080014867A1 (en) * 2004-11-16 2008-01-17 Advanced Microelectronic And Automation Technology Ltd. Portable Identity Card Reader System For Physical and Logical Access
US7748636B2 (en) 2004-11-16 2010-07-06 Dpd Patent Trust Ltd. Portable identity card reader system for physical and logical access
US20090063852A1 (en) * 2004-12-28 2009-03-05 Messerges Thomas S Authentication for ad hoc network setup
US7571313B2 (en) 2004-12-28 2009-08-04 Motorola, Inc. Authentication for Ad Hoc network setup
CN101133586B (en) * 2004-12-28 2012-03-21 Motorola Solutions, Inc. Authentication for ad hoc network setup
AU2005322379B2 (en) * 2004-12-28 2009-05-07 Arris Enterprises Llc Authentication for Ad Hoc network setup
WO2006071501A3 (en) * 2004-12-28 2007-08-23 Motorola Inc Authentication for ad hoc network setup
US20060155991A1 (en) * 2005-01-07 2006-07-13 Kim Kun S Authentication method, encryption method, decryption method, cryptographic system and recording medium
US8480002B2 (en) 2005-03-26 2013-07-09 Mark Poidomani Conducting a transaction with an electronic card
US8684267B2 (en) 2005-03-26 2014-04-01 Privasys Method for broadcasting a magnetic stripe data packet from an electronic smart card
US8302871B2 (en) 2005-03-26 2012-11-06 Privasys, Inc Method for conducting a transaction between a magnetic stripe reader and an electronic card
US8360332B2 (en) 2005-03-26 2013-01-29 Privasys Electronic card
US9053399B2 (en) 2005-03-26 2015-06-09 Privasys Method for broadcasting a magnetic stripe data packet from an electronic smart card
US8231063B2 (en) 2005-03-26 2012-07-31 Privasys Inc. Electronic card and methods for making same
US8540165B2 (en) 2005-03-26 2013-09-24 Privasys, Inc. Laminated electronic card assembly
US8286889B2 (en) 2005-03-26 2012-10-16 Privasys, Inc Electronic financial transaction cards and methods
US8500019B2 (en) 2005-03-26 2013-08-06 Mark Poidomani Electronic cards and methods for making same
US11356799B2 (en) 2005-04-04 2022-06-07 X One, Inc. Fleet location sharing application in association with services provision
US9185522B1 (en) 2005-04-04 2015-11-10 X One, Inc. Apparatus and method to transmit content to a cellular wireless device based on proximity to other wireless devices
US9654921B1 (en) 2005-04-04 2017-05-16 X One, Inc. Techniques for sharing position data between first and second devices
US9031581B1 (en) 2005-04-04 2015-05-12 X One, Inc. Apparatus and method for obtaining content on a cellular wireless device based on proximity to other wireless devices
US9736618B1 (en) 2005-04-04 2017-08-15 X One, Inc. Techniques for sharing relative position between mobile devices
US8831635B2 (en) 2005-04-04 2014-09-09 X One, Inc. Methods and apparatuses for transmission of an alert to multiple devices
US8798645B2 (en) 2005-04-04 2014-08-05 X One, Inc. Methods and systems for sharing position data and tracing paths between mobile-device users
US8798647B1 (en) 2005-04-04 2014-08-05 X One, Inc. Tracking proximity of services provider to services consumer
US9167558B2 (en) 2005-04-04 2015-10-20 X One, Inc. Methods and systems for sharing position data between subscribers involving multiple wireless providers
US8798593B2 (en) 2005-04-04 2014-08-05 X One, Inc. Location sharing and tracking using mobile phones or other wireless devices
US8750898B2 (en) 2005-04-04 2014-06-10 X One, Inc. Methods and systems for annotating target locations
US9615204B1 (en) 2005-04-04 2017-04-04 X One, Inc. Techniques for communication within closed groups of mobile devices
US11778415B2 (en) 2005-04-04 2023-10-03 Xone, Inc. Location sharing application in association with services provision
US8385964B2 (en) 2005-04-04 2013-02-26 Xone, Inc. Methods and apparatuses for geospatial-based sharing of information by multiple devices
US9749790B1 (en) 2005-04-04 2017-08-29 X One, Inc. Rendez vous management using mobile phones or other mobile devices
US10856099B2 (en) 2005-04-04 2020-12-01 X One, Inc. Application-based two-way tracking and mapping function with selected individuals
US10791414B2 (en) 2005-04-04 2020-09-29 X One, Inc. Location sharing for commercial and proprietary content applications
US9854394B1 (en) 2005-04-04 2017-12-26 X One, Inc. Ad hoc location sharing group between first and second cellular wireless devices
US9854402B1 (en) 2005-04-04 2017-12-26 X One, Inc. Formation of wireless device location sharing group
US10750311B2 (en) 2005-04-04 2020-08-18 X One, Inc. Application-based tracking and mapping function in connection with vehicle-based services provision
US9883360B1 (en) 2005-04-04 2018-01-30 X One, Inc. Rendez vous management using mobile phones or other mobile devices
US10750309B2 (en) 2005-04-04 2020-08-18 X One, Inc. Ad hoc location sharing group establishment for wireless devices with designated meeting point
US9253616B1 (en) 2005-04-04 2016-02-02 X One, Inc. Apparatus and method for obtaining content on a cellular wireless device based on proximity
US8538458B2 (en) 2005-04-04 2013-09-17 X One, Inc. Location sharing and tracking using mobile phones or other wireless devices
US9942705B1 (en) 2005-04-04 2018-04-10 X One, Inc. Location sharing group for services provision
US9955298B1 (en) 2005-04-04 2018-04-24 X One, Inc. Methods, systems and apparatuses for the formation and tracking of location sharing groups
US8712441B2 (en) 2005-04-04 2014-04-29 Xone, Inc. Methods and systems for temporarily sharing position data between mobile-device users
US10750310B2 (en) 2005-04-04 2020-08-18 X One, Inc. Temporary location sharing group with event based termination
US9467832B2 (en) 2005-04-04 2016-10-11 X One, Inc. Methods and systems for temporarily sharing position data between mobile-device users
US9967704B1 (en) 2005-04-04 2018-05-08 X One, Inc. Location sharing group map management
US10341808B2 (en) 2005-04-04 2019-07-02 X One, Inc. Location sharing for commercial and proprietary content applications
US10149092B1 (en) 2005-04-04 2018-12-04 X One, Inc. Location sharing service between GPS-enabled wireless devices, with shared target location exchange
US10341809B2 (en) 2005-04-04 2019-07-02 X One, Inc. Location sharing with facilitated meeting point definition
US10313826B2 (en) 2005-04-04 2019-06-04 X One, Inc. Location sharing and map support in connection with services request
US10299071B2 (en) 2005-04-04 2019-05-21 X One, Inc. Server-implemented methods and systems for sharing location amongst web-enabled cell phones
US9584960B1 (en) 2005-04-04 2017-02-28 X One, Inc. Rendez vous management using mobile phones or other mobile devices
US10200811B1 (en) 2005-04-04 2019-02-05 X One, Inc. Map presentation on cellular device showing positions of multiple other wireless device users
US10165059B2 (en) 2005-04-04 2018-12-25 X One, Inc. Methods, systems and apparatuses for the formation and tracking of location sharing groups
US20080054068A1 (en) * 2005-05-09 2008-03-06 Mullen Jeffrey D Dynamic credit card with magnetic stripe and embedded encoder and methods for using the same to provide a copy-proof credit card
US7931195B2 (en) 2005-05-09 2011-04-26 Dynamics Inc. Dynamic credit card with magnetic stripe and embedded encoder and methods for using the same to provide a copy-proof credit card
US20090308921A1 (en) * 2005-05-09 2009-12-17 Mullen Jeffrey D Dynamic credit card with magnetic stripe and embedded encoder and methods for using the same to provide a copy-proof credit card
US20080054081A1 (en) * 2005-05-09 2008-03-06 Mullen Jeffrey D Dynamic credit card with magnetic stripe and embedded encoder and methods for using the same to provide a copy-proof credit card
US7828220B2 (en) 2005-05-09 2010-11-09 Dynamics Inc. Dynamic credit card with magnetic stripe and embedded encoder and methods for using the same to provide a copy-proof credit card
US20080054079A1 (en) * 2005-05-09 2008-03-06 Mullen Jeffrey D Dynamic credit card with magnetic stripe and embedded encoder and methods for using the same to provide a copy-proof credit card
US20080035738A1 (en) * 2005-05-09 2008-02-14 Mullen Jeffrey D Dynamic credit card with magnetic stripe and embedded encoder and methods for using the same to provide a copy-proof credit card
US20080302869A1 (en) * 2005-05-09 2008-12-11 Mullen Jeffrey D Dynamic credit card with magnetic stripe and embedded encoder and methods for using the same to provide a copy-proof credit card
US20080029607A1 (en) * 2005-05-09 2008-02-07 Mullen Jeffrey D Dynamic credit card with magnetic stripe and embedded encoder and methods for using the same to provide a copy-proof credit card
US7793851B2 (en) 2005-05-09 2010-09-14 Dynamics Inc. Dynamic credit card with magnetic stripe and embedded encoder and methods for using the same to provide a copy-proof credit card
US20080065555A1 (en) * 2005-05-09 2008-03-13 Mullen Jeffrey D Dynamic credit card with magnetic stripe and embedded encoder and methods for using the same to provide a copy-proof credit card
US20080302876A1 (en) * 2005-05-09 2008-12-11 Mullen Jeffrey D Dynamic credit card with magnetic stripe and embedded encoder and methods for using the same to provide a copy-proof credit card
US7954705B2 (en) 2005-05-09 2011-06-07 Dynamics Inc. Dynamic credit card with magnetic stripe and embedded encoder and methods for using the same to provide a copy-proof credit card
CN101208952B (en) * 2005-06-23 2011-06-15 Thomson Licensing System and method for multimedia visit equipment registration
WO2007001287A1 (en) * 2005-06-23 2007-01-04 Thomson Licensing Multi-media access device registration system and method
US20070005955A1 (en) * 2005-06-29 2007-01-04 Microsoft Corporation Establishing secure mutual trust using an insecure password
US20110035593A1 (en) * 2005-06-29 2011-02-10 Microsoft Corporation Establishing secure mutual trust using an insecure password
WO2007002816A3 (en) * 2005-06-29 2007-03-08 Microsoft Corp Establishing secure mutual trust using an insecure password
US7836306B2 (en) 2005-06-29 2010-11-16 Microsoft Corporation Establishing secure mutual trust using an insecure password
WO2007002816A2 (en) * 2005-06-29 2007-01-04 Microsoft Corporation Establishing secure mutual trust using an insecure password
US8332643B2 (en) 2005-06-29 2012-12-11 Microsoft Corporation Establishing secure mutual trust using an insecure password
US9288615B2 (en) 2005-07-19 2016-03-15 Telecommunication Systems, Inc. Location service requests throttling
US20070021125A1 (en) * 2005-07-19 2007-01-25 Yinjun Zhu Location service requests throttling
US20090149193A1 (en) * 2005-08-24 2009-06-11 Leslie Johann Lamprecht Creating optimum temporal location trigger for multiple requests
US20070049288A1 (en) * 2005-08-24 2007-03-01 Lamprecht Leslie J Creating optimum temporal location trigger for multiple requests
US8220042B2 (en) * 2005-09-12 2012-07-10 Microsoft Corporation Creating secure interactive connections with remote resources
US9038162B2 (en) * 2005-09-12 2015-05-19 Microsoft Technology Licensing, Llc Creating secure interactive connections with remote resources
US20120266214A1 (en) * 2005-09-12 2012-10-18 Microsoft Corporation Creating secure interactive connections with remote resources
US20070061878A1 (en) * 2005-09-12 2007-03-15 Microsoft Corporation Creating secure interactive connections with remote resources
US9282451B2 (en) 2005-09-26 2016-03-08 Telecommunication Systems, Inc. Automatic location identification (ALI) service requests steering, connection sharing and protocol translation
US20100332848A1 (en) * 2005-09-29 2010-12-30 Research In Motion Limited System and method for code signing
US9077524B2 (en) 2005-09-29 2015-07-07 Blackberry Limited System and method for providing an indication of randomness quality of random number data generated by a random data service
US20070071238A1 (en) * 2005-09-29 2007-03-29 Research In Motion Limited System and method for providing an indication of randomness quality of random number data generated by a random data service
US8340289B2 (en) 2005-09-29 2012-12-25 Research In Motion Limited System and method for providing an indication of randomness quality of random number data generated by a random data service
US8452970B2 (en) 2005-09-29 2013-05-28 Research In Motion Limited System and method for code signing
US10567975B2 (en) 2005-10-04 2020-02-18 Hoffberg Family Trust 2 Multifactorial optimization system and method
US20070075849A1 (en) * 2005-10-05 2007-04-05 Pitt Lance D Cellular augmented vehicle alarm notification together with location services for position of an alarming vehicle
US7825780B2 (en) 2005-10-05 2010-11-02 Telecommunication Systems, Inc. Cellular augmented vehicle alarm notification together with location services for position of an alarming vehicle
US20070075848A1 (en) * 2005-10-05 2007-04-05 Pitt Lance D Cellular augmented vehicle alarm
US20100272242A1 (en) * 2005-10-06 2010-10-28 Jon Croy Voice over internet protocol (VoIP) location based 911 conferencing
US20070092070A1 (en) * 2005-10-06 2007-04-26 Jon Croy Voice over Internet protocol (VoIP) location based 911 conferencing
US8467320B2 (en) 2005-10-06 2013-06-18 Telecommunication Systems, Inc. Voice over internet protocol (VoIP) multi-user conferencing
US7907551B2 (en) 2005-10-06 2011-03-15 Telecommunication Systems, Inc. Voice over internet protocol (VoIP) location based 911 conferencing
US20070124810A1 (en) * 2005-11-29 2007-05-31 Sigalow Ian D Method and system for securing electronic transactions
US7810147B2 (en) 2005-12-01 2010-10-05 Emc Corporation Detecting and preventing replay in authentication systems
US20070256123A1 (en) * 2005-12-01 2007-11-01 Rsa Security, Inc. Detecting and preventing replay in authentication systems
US9959542B2 (en) 2006-01-20 2018-05-01 1997 Irrevocable Trust For Gregory P. Benson System and method for the automated processing of physical objects
US9569907B2 (en) 2006-01-20 2017-02-14 1997 Irrevocable Trust For Gregory P. Benson System and method for the automated processing of physical objects
US20070180262A1 (en) * 2006-01-20 2007-08-02 Glenbrook Associates, Inc. System and method for the automated processing of physical objects
US20080028447A1 (en) * 2006-02-10 2008-01-31 Rsa Security Inc. Method and system for providing a one time password to work in conjunction with a browser
US8234696B2 (en) 2006-02-10 2012-07-31 Emc Corporation Method and system for providing a one time password to work in conjunction with a browser
US8406728B2 (en) 2006-02-16 2013-03-26 Telecommunication Systems, Inc. Enhanced E911 network access for call centers
US20070190968A1 (en) * 2006-02-16 2007-08-16 Richard Dickinson Enhanced E911 network access for call centers
US9420444B2 (en) 2006-02-16 2016-08-16 Telecommunication Systems, Inc. Enhanced E911 network access for call centers
US8150363B2 (en) 2006-02-16 2012-04-03 Telecommunication Systems, Inc. Enhanced E911 network access for call centers
US8059789B2 (en) 2006-02-24 2011-11-15 Telecommunication Systems, Inc. Automatic location identification (ALI) emergency services pseudo key (ESPK)
US20070201623A1 (en) * 2006-02-24 2007-08-30 John Gordon Hines Automatic location identification (ALI) emergency services pseudo key (ESPK)
US20110149933A1 (en) * 2006-03-01 2011-06-23 Lance Douglas Pitt Cellular augmented radar/laser detection using local mobile network within cellular network
US20090015461A1 (en) * 2006-03-01 2009-01-15 Lance Douglas Pitt Cellular augmented radar/laser detector
US7899450B2 (en) 2006-03-01 2011-03-01 Telecommunication Systems, Inc. Cellular augmented radar/laser detection using local mobile network within cellular network
US20070207797A1 (en) * 2006-03-01 2007-09-06 Pitt Lance D Cellular augmented radar/laser detection using local mobile network within cellular network
US7965222B2 (en) 2006-03-01 2011-06-21 Telecommunication Systems, Inc. Cellular augmented radar/laser detector
US7764219B2 (en) 2006-03-01 2010-07-27 Telecommunication Systems, Inc. Cellular augmented radar/laser detector
US9002347B2 (en) 2006-03-01 2015-04-07 Telecommunication Systems, Inc. Transmitter augmented radar/laser detection using local mobile network within a wide area network
US8515414B2 (en) 2006-03-01 2013-08-20 Telecommunication Systems, Inc. Cellular augmented radar/laser detection using local mobile network within cellular network
US7471236B1 (en) 2006-03-01 2008-12-30 Telecommunication Systems, Inc. Cellular augmented radar/laser detector
US9167553B2 (en) 2006-03-01 2015-10-20 Telecommunication Systems, Inc. GeoNexus proximity detector network
US20090079614A1 (en) * 2006-03-01 2009-03-26 Lance Douglas Pitt Cellular augmented radar/laser detector
US20070238455A1 (en) * 2006-04-07 2007-10-11 Yinjun Zhu Mobile based area event handling when currently visited network doe not cover area
US8208605B2 (en) 2006-05-04 2012-06-26 Telecommunication Systems, Inc. Extended efficient usage of emergency services keys
US8885796B2 (en) 2006-05-04 2014-11-11 Telecommunications Systems, Inc. Extended efficient usage of emergency services keys
US20080154966A1 (en) * 2006-05-04 2008-06-26 Gerhard Geldenbott Extended efficient usage of emergency services keys
US9584661B2 (en) 2006-05-04 2017-02-28 Telecommunication Systems, Inc. Extended efficient usage of emergency services keys
FR2901084A1 (en) * 2006-05-15 2007-11-16 Ibrahim Hajjeh User's identity protecting method for e.g. mobile telephone, involves ensuring protection of identity of client device user, and deriving encryption key from less weightage bits of key generated from premaster secret and random values
US9531548B2 (en) * 2006-06-26 2016-12-27 Mlr, Llc Security system for handheld wireless devices using time-variable encryption keys
US20080022089A1 (en) * 2006-06-26 2008-01-24 Leedom Charles M Security system for handheld wireless devices using-time variable encryption keys
US20170171750A1 (en) * 2006-06-26 2017-06-15 Mlr, Llc. Security system for handheld wireless devices using time-variable encryption keys
US8732459B2 (en) * 2006-06-26 2014-05-20 Mlr, Llc Security system for handheld wireless devices using time-variable encryption keys
US8341397B2 (en) 2006-06-26 2012-12-25 Mlr, Llc Security system for handheld wireless devices using-time variable encryption keys
US20130159705A1 (en) * 2006-06-26 2013-06-20 Mlr, Llc Security system for handheld wireless devices using time-variable encryption keys
US20160119149A1 (en) * 2006-06-26 2016-04-28 Mlr, Llc Security system for handheld wireless devices using time-variable encryption keys
US10652734B2 (en) * 2006-06-26 2020-05-12 Mlr, Llc Security system for handheld wireless devices using time-variable encryption keys
US7849321B2 (en) 2006-08-23 2010-12-07 Authernative, Inc. Authentication method of random partial digitized path recognition with a challenge built into the path
US20080072045A1 (en) * 2006-08-23 2008-03-20 Authernative, Inc. Authentication method of random partial digitized path recognition with a challenge built into the path
US20080261619A1 (en) * 2006-09-26 2008-10-23 John Gordon Hines Injection of location object into routing SIP message
US20080090546A1 (en) * 2006-10-17 2008-04-17 Richard Dickinson Enhanced E911 network access for a call center using session initiation protocol (SIP) messaging
US7966013B2 (en) 2006-11-03 2011-06-21 Telecommunication Systems, Inc. Roaming gateway enabling location based services (LBS) roaming for user plane in CDMA networks without requiring use of a mobile positioning center (MPC)
US20080242296A1 (en) * 2006-11-03 2008-10-02 D Souza Myron Roaming gateway enabling location based services (LBS) roaming for user plane in CDMA networks without requiring use of a mobile positioning center (MPC)
US20110223909A1 (en) * 2006-11-03 2011-09-15 D Souza Myron Roaming gateway enabling location based services (LBS) roaming for user plane in CDMA networks without requiring use of a mobile positioning center (MPC)
US8190151B2 (en) 2006-11-03 2012-05-29 Telecommunication Systems, Inc. Roaming gateway enabling location based services (LBS) roaming for user plane in CDMA networks without requiring use of a mobile positioning center (MPC)
US20080126535A1 (en) * 2006-11-28 2008-05-29 Yinjun Zhu User plane location services over session initiation protocol (SIP)
WO2008084068A1 (en) * 2007-01-10 2008-07-17 Jaycrypto Limited Method and systems for proving the authenticity of a client to a server
EP1944714A1 (en) * 2007-01-10 2008-07-16 Jaycrypto Limited Method and systems for providing the authenticity of a client to a server
US20080167018A1 (en) * 2007-01-10 2008-07-10 Arlene Havlark Wireless telecommunications location based services scheme selection
US9232062B2 (en) 2007-02-12 2016-01-05 Telecommunication Systems, Inc. Mobile automatic location identification (ALI) for first responders
US7973607B1 (en) 2007-04-23 2011-07-05 Emc Corporation RTC circuit with time value adjustment
US9467826B2 (en) 2007-09-17 2016-10-11 Telecommunications Systems, Inc. Emergency 911 data messaging
US20090227225A1 (en) * 2007-09-17 2009-09-10 Mitchell Jr Donald L Emergency 911 data messaging
US9131357B2 (en) 2007-09-17 2015-09-08 Telecommunication Systems, Inc. Emergency 911 data messaging
US8027697B2 (en) 2007-09-28 2011-09-27 Telecommunication Systems, Inc. Public safety access point (PSAP) selection for E911 wireless callers in a GSM type system
US7929530B2 (en) 2007-11-30 2011-04-19 Telecommunication Systems, Inc. Ancillary data support in session initiation protocol (SIP) messaging
US8302872B2 (en) 2007-12-24 2012-11-06 Dynamics Inc. Advanced dynamic credit cards
US20090159704A1 (en) * 2007-12-24 2009-06-25 Dynamics Inc. Cards and devices with magnetic emulators and magnetic read-head detectors
US20090159698A1 (en) * 2007-12-24 2009-06-25 Dynamics Inc. Payment cards and devices with gift card, global integration, and magnetic stripe reader communication functionality
US9639796B2 (en) 2007-12-24 2017-05-02 Dynamics Inc. Cards and devices with magnetic emulators with zoning control and advanced interiors
US10032100B2 (en) 2007-12-24 2018-07-24 Dynamics Inc. Cards and devices with multifunction magnetic emulators and methods for using same
US8517276B2 (en) 2007-12-24 2013-08-27 Dynamics Inc. Cards and devices with multifunction magnetic emulators and methods for using same
US7784687B2 (en) 2007-12-24 2010-08-31 Dynamics Inc. Payment cards and devices with displays, chips, RFIDS, magnetic emulators, magnetic decoders, and other components
US10095974B1 (en) 2007-12-24 2018-10-09 Dynamics Inc. Payment cards and devices with displays, chips, RFIDs, magnetic emulators, magnetic encoders, and other components
US11494606B2 (en) 2007-12-24 2022-11-08 Dynamics Inc. Cards and devices with magnetic emulators with zoning control and advanced interiors
US9547816B2 (en) 2007-12-24 2017-01-17 Dynamics Inc. Cards and devices with multifunction magnetic emulators and methods for using same
US20090159705A1 (en) * 2007-12-24 2009-06-25 Dynamics Inc. Payment cards and devices operable to receive point-of-sale actions before point-of-sale and forward actions at point-of-sale
US8011577B2 (en) 2007-12-24 2011-09-06 Dynamics Inc. Payment cards and devices with gift card, global integration, and magnetic stripe reader communication functionality
US20090159690A1 (en) * 2007-12-24 2009-06-25 Dynamics Inc. Payment cards and devices with gift card, global integration, and magnetic stripe reader communication functionality
US8020775B2 (en) 2007-12-24 2011-09-20 Dynamics Inc. Payment cards and devices with enhanced magnetic emulators
US11238329B2 (en) 2007-12-24 2022-02-01 Dynamics Inc. Payment cards and devices with gift card, global integration, and magnetic stripe reader communication functionality
US20090159707A1 (en) * 2007-12-24 2009-06-25 Dynamics Inc. Systems and methods for programmable payment cards and devices with loyalty-based payment applications
US20090159667A1 (en) * 2007-12-24 2009-06-25 Dynamics, Inc. Cards with serial magnetic emulators
US8074877B2 (en) 2007-12-24 2011-12-13 Dynamics Inc. Systems and methods for programmable payment cards and devices with loyalty-based payment applications
US10169692B2 (en) 2007-12-24 2019-01-01 Dynamics Inc. Credit, security, debit cards and the like with buttons
US10198687B2 (en) 2007-12-24 2019-02-05 Dynamics Inc. Cards and devices with multifunction magnetic emulators and methods for using same
US9384438B2 (en) 2007-12-24 2016-07-05 Dynamics, Inc. Cards with serial magnetic emulators
US20090159668A1 (en) * 2007-12-24 2009-06-25 Dynamics Inc. Cards and devices with multifunction magnetic emulators and methods for using same
US8608083B2 (en) 2007-12-24 2013-12-17 Dynamics Inc. Cards and devices with magnetic emulators with zoning control and advanced interiors
US9361569B2 (en) 2007-12-24 2016-06-07 Dynamics, Inc. Cards with serial magnetic emulators
US9684861B2 (en) 2007-12-24 2017-06-20 Dynamics Inc. Payment cards and devices with displays, chips, RFIDs, magnetic emulators, magnetic decoders, and other components
US8485437B2 (en) 2007-12-24 2013-07-16 Dynamics Inc. Systems and methods for programmable payment cards and devices with loyalty-based payment applications
US10223631B2 (en) 2007-12-24 2019-03-05 Dynamics Inc. Cards and devices with multifunction magnetic emulators and methods for using same
US8459548B2 (en) 2007-12-24 2013-06-11 Dynamics Inc. Payment cards and devices with gift card, global integration, and magnetic stripe reader communication functionality
US8424773B2 (en) 2007-12-24 2013-04-23 Dynamics Inc. Payment cards and devices with enhanced magnetic emulators
US8668143B2 (en) 2007-12-24 2014-03-11 Dynamics Inc. Payment cards and devices with gift card, global integration, and magnetic stripe reader communication functionality
US20090159713A1 (en) * 2007-12-24 2009-06-25 Dynamics Inc. Payment cards and devices with enhanced magnetic emulators
US8413892B2 (en) 2007-12-24 2013-04-09 Dynamics Inc. Payment cards and devices with displays, chips, RFIDs, magnetic emulators, magnetic encoders, and other components
US20090160617A1 (en) * 2007-12-24 2009-06-25 Dynamics Inc. Credit, security, debit cards and the like with buttons
US10255545B2 (en) 2007-12-24 2019-04-09 Dynamics Inc. Cards and devices with multifunction magnetic emulators and methods for using same
US20090159672A1 (en) * 2007-12-24 2009-06-25 Dynamics Inc. Cards with serial magnetic emulators
US20090159688A1 (en) * 2007-12-24 2009-06-25 Dynamics Inc. Payment cards and devices with displays, chips, rfids, magnetic emulators, magnetic decoders, and other components
US10325199B2 (en) 2007-12-24 2019-06-18 Dynamics Inc. Payment cards and devices with displays, chips, RFIDs, magnetic emulators, magentic decoders, and other components
US20090159689A1 (en) * 2007-12-24 2009-06-25 Dynamics Inc. Payment cards and devices with gift card, global integration, and magnetic stripe reader communication functionality
US8382000B2 (en) 2007-12-24 2013-02-26 Dynamics Inc. Payment cards and devices with enhanced magnetic emulators
US8733638B2 (en) 2007-12-24 2014-05-27 Dynamics Inc. Payment cards and devices with displays, chips, RFIDs, magnetic emulators, magentic decoders, and other components
US20090159682A1 (en) * 2007-12-24 2009-06-25 Dynamics Inc. Cards and devices with multi-function magnetic emulators and methods for using same
US11062195B2 (en) 2007-12-24 2021-07-13 Dynamics Inc. Cards and devices with multifunction magnetic emulators and methods for using same
US20090159710A1 (en) * 2007-12-24 2009-06-25 Dynamics Inc. Cards and devices with magnetic emulators and magnetic reader read-head detectors
US20090159703A1 (en) * 2007-12-24 2009-06-25 Dynamics Inc. Credit, security, debit cards and the like with buttons
US10430704B2 (en) 2007-12-24 2019-10-01 Dynamics Inc. Payment cards and devices with displays, chips, RFIDs, magnetic emulators, magnetic encoders, and other components
US11055600B2 (en) 2007-12-24 2021-07-06 Dynamics Inc. Cards with serial magnetic emulators
US9697454B2 (en) 2007-12-24 2017-07-04 Dynamics Inc. Payment cards and devices with displays, chips, RFIDs, magnetic emulators, magnetic encoders, and other components
US10467521B2 (en) 2007-12-24 2019-11-05 Dynamics Inc. Payment cards and devices with gift card, global integration, and magnetic stripe reader communication functionality
US11037045B2 (en) 2007-12-24 2021-06-15 Dynamics Inc. Cards and devices with magnetic emulators with zoning control and advanced interiors
US9704089B2 (en) 2007-12-24 2017-07-11 Dynamics Inc. Systems and methods for programmable payment cards and devices with loyalty-based payment applications
US9704088B2 (en) 2007-12-24 2017-07-11 Dynamics Inc. Cards and devices with multifunction magnetic emulators and methods for using same
US9805297B2 (en) 2007-12-24 2017-10-31 Dynamics Inc. Systems and methods for programmable payment cards and devices with loyalty-based payment applications
US20090159681A1 (en) * 2007-12-24 2009-06-25 Dynamics, Inc. Cards and devices with magnetic emulators and magnetic reader read-head detectors
US20090159663A1 (en) * 2007-12-24 2009-06-25 Dynamics Inc. Payment cards and devices operable to receive point-of-sale actions before point-of-sale and forward actions at point-of-sale
US10496918B2 (en) 2007-12-24 2019-12-03 Dynamics Inc. Cards and devices with multifunction magnetic emulators and methods for using the same
US8875999B2 (en) 2007-12-24 2014-11-04 Dynamics Inc. Payment cards and devices with gift card, global integration, and magnetic stripe reader communication functionality
US8286876B2 (en) 2007-12-24 2012-10-16 Dynamics Inc. Cards and devices with magnetic emulators and magnetic reader read-head detectors
US8881989B2 (en) 2007-12-24 2014-11-11 Dynamics Inc. Cards and devices with magnetic emulators with zoning control and advanced interiors
US20090159712A1 (en) * 2007-12-24 2009-06-25 Dynamics Inc. Payment cards and devices with displays, chips, rfids, magnetic emulators, magentic decoders, and other components
US20090159709A1 (en) * 2007-12-24 2009-06-25 Dynamics Inc. Advanced dynamic credit cards
US10997489B2 (en) 2007-12-24 2021-05-04 Dynamics Inc. Cards and devices with multifunction magnetic emulators and methods for using same
US10579920B2 (en) 2007-12-24 2020-03-03 Dynamics Inc. Systems and methods for programmable payment cards and devices with loyalty-based payment applications
US20090159706A1 (en) * 2007-12-24 2009-06-25 Dynamics Inc. Payment cards and devices with displays, chips, rfids, magentic emulators, magentic decoders, and other components
US20090159708A1 (en) * 2007-12-24 2009-06-25 Dynamics Inc. Payment cards and devices with enhanced magnetic emulators
US20090159680A1 (en) * 2007-12-24 2009-06-25 Dynamics Inc. Credit, security, debit cards and the like with buttons
US20090159711A1 (en) * 2007-12-24 2009-06-25 Dynamics Inc. Cards and devices with magnetic emulators with zoning control and advanced interiors
US20090159700A1 (en) * 2007-12-24 2009-06-25 Dynamics Inc. Systems and methods for programmable payment cards and devices with loyalty-based payment applications
US20090159669A1 (en) * 2007-12-24 2009-06-25 Dynamics Inc. Cards with serial magnetic emulators
US20090159673A1 (en) * 2007-12-24 2009-06-25 Dynamics Inc. Systems and methods for programmable payment cards and devices with loyalty-based payment applications
US8973824B2 (en) 2007-12-24 2015-03-10 Dynamics Inc. Cards and devices with magnetic emulators with zoning control and advanced interiors
US9010630B2 (en) 2007-12-24 2015-04-21 Dynamics Inc. Systems and methods for programmable payment cards and devices with loyalty-based payment applications
US9004368B2 (en) 2007-12-24 2015-04-14 Dynamics Inc. Payment cards and devices with enhanced magnetic emulators
US9727813B2 (en) 2007-12-24 2017-08-08 Dynamics Inc. Credit, security, debit cards and the like with buttons
US8068587B2 (en) 2008-08-22 2011-11-29 Telecommunication Systems, Inc. Nationwide table routing of voice over internet protocol (VOIP) emergency calls
EP2159762A1 (en) 2008-08-27 2010-03-03 Deutsche Telekom AG Chip card based authentication method
US20100088195A1 (en) * 2008-10-08 2010-04-08 International Business Machines Corporation Method of requesting a customized instance of an object using information contained within an existing instance
US8346669B2 (en) * 2008-10-08 2013-01-01 International Business Machines Corporation Method of requesting a customized instance of an object using information contained within an existing instance
US8525681B2 (en) 2008-10-14 2013-09-03 Telecommunication Systems, Inc. Location based proximity alert
US20100093371A1 (en) * 2008-10-14 2010-04-15 Todd Gehrke Location based geo-reminders
US9467810B2 (en) 2008-10-14 2016-10-11 Telecommunication Systems, Inc. Location based geo-reminders
US8892128B2 (en) 2008-10-14 2014-11-18 Telecommunication Systems, Inc. Location based geo-reminders
US8579203B1 (en) 2008-12-19 2013-11-12 Dynamics Inc. Electronic magnetic recorded media emulators in magnetic card devices
US8931703B1 (en) 2009-03-16 2015-01-13 Dynamics Inc. Payment cards and devices for displaying barcodes
US8590796B1 (en) 2009-04-06 2013-11-26 Dynamics Inc. Cards having dynamic magnetic stripe communication devices fabricated from multiple boards
US9928456B1 (en) 2009-04-06 2018-03-27 Dynamics Inc. Cards and assemblies with user interfaces
US8757499B2 (en) 2009-04-06 2014-06-24 Dynamics Inc. Laminated cards with manual input interfaces
US9329619B1 (en) 2009-04-06 2016-05-03 Dynamics Inc. Cards with power management
US8172148B1 (en) 2009-04-06 2012-05-08 Dynamics Inc. Cards and assemblies with user interfaces
US10948964B1 (en) 2009-04-06 2021-03-16 Dynamics Inc. Cards with power management
US8622309B1 (en) 2009-04-06 2014-01-07 Dynamics Inc. Payment cards and devices with budgets, parental controls, and virtual accounts
US8066191B1 (en) 2009-04-06 2011-11-29 Dynamics Inc. Cards and assemblies with user interfaces
US8282007B1 (en) 2009-04-06 2012-10-09 Dynamics Inc. Laminated cards with manual input interfaces
US10176419B1 (en) 2009-04-06 2019-01-08 Dynamics Inc. Cards and assemblies with user interfaces
US20100284366A1 (en) * 2009-05-05 2010-11-11 Yinjun Zhu Multiple location retrieval function (LRF) network having location continuity
US8331568B2 (en) 2009-05-28 2012-12-11 Microsoft Corporation Efficient distribution of computation in key agreement
US20100306525A1 (en) * 2009-05-28 2010-12-02 Microsoft Corporation Efficient distribution of computation in key agreement
US9064255B1 (en) 2009-06-23 2015-06-23 Dynamics Inc. Cards deployed with inactivated products for activation
US8393545B1 (en) 2009-06-23 2013-03-12 Dynamics Inc. Cards deployed with inactivated products for activation
US11144909B1 (en) 2009-06-23 2021-10-12 Dynamics Inc. Cards deployed with inactivated products for activation
US8757483B1 (en) 2009-06-23 2014-06-24 Dynamics Inc. Cards deployed with inactivated products for activation
US20110009086A1 (en) * 2009-07-10 2011-01-13 Todd Poremba Text to 9-1-1 emergency communication
US9953255B1 (en) 2009-08-17 2018-04-24 Dynamics Inc. Advanced loyalty applications for powered cards and devices
US11003970B1 (en) 2009-08-17 2021-05-11 Dynamics Inc. Advanced loyalty applications for powered cards and devices
US8511574B1 (en) 2009-08-17 2013-08-20 Dynamics Inc. Advanced loyalty applications for powered cards and devices
US9852368B1 (en) 2009-08-17 2017-12-26 Dynamics Inc. Advanced loyalty applications for powered cards and devices
US20110064046A1 (en) * 2009-09-11 2011-03-17 Yinjun Zhu User plane emergency location continuity for voice over internet protocol (VoIP)/IMS emergency services
US9306666B1 (en) 2009-10-08 2016-04-05 Dynamics Inc. Programming protocols for powered cards and devices
US8727219B1 (en) 2009-10-12 2014-05-20 Dynamics Inc. Magnetic stripe track signal having multiple communications channels
US10181097B1 (en) 2009-10-20 2019-01-15 Dynamics Inc. Advanced payment options for powered cards and devices
US8814050B1 (en) 2009-10-20 2014-08-26 Dynamics Inc. Advanced payment options for powered cards and devices
US9292843B1 (en) 2009-10-20 2016-03-22 Dynamics Inc. Advanced payment options for powered cards and devices
US8523059B1 (en) 2009-10-20 2013-09-03 Dynamics Inc. Advanced payment options for powered cards and devices
US8393546B1 (en) 2009-10-25 2013-03-12 Dynamics Inc. Games, prizes, and entertainment for powered cards and devices
US9652436B1 (en) 2009-10-25 2017-05-16 Dynamics Inc. Games, prizes, and entertainment for powered cards and devices
US20110149953A1 (en) * 2009-12-23 2011-06-23 William Helgeson Tracking results of a v2 query in voice over internet (VoIP) emergency call systems
US9373069B2 (en) 2010-02-16 2016-06-21 Dynamics Inc. Systems and methods for drive circuits for dynamic magnetic stripe communications devices
US8602312B2 (en) 2010-02-16 2013-12-10 Dynamics Inc. Systems and methods for drive circuits for dynamic magnetic stripe communications devices
US9875437B2 (en) 2010-02-16 2018-01-23 Dynamics Inc. Systems and methods for drive circuits for dynamic magnetic stripe communications devices
US8746579B1 (en) 2010-03-02 2014-06-10 Dynamics Inc. Systems and methods for detection mechanisms for magnetic cards and devices
US10482363B1 (en) 2010-03-02 2019-11-19 Dynamics Inc. Systems and methods for detection mechanisms for magnetic cards and devices
US8348172B1 (en) 2010-03-02 2013-01-08 Dynamics Inc. Systems and methods for detection mechanisms for magnetic cards and devices
US8573503B1 (en) 2010-03-02 2013-11-05 Dynamics Inc. Systems and methods for detection mechanisms for magnetic cards and devices
US10693263B1 (en) 2010-03-16 2020-06-23 Dynamics Inc. Systems and methods for audio connectors for powered cards and devices
US10504105B2 (en) 2010-05-18 2019-12-10 Dynamics Inc. Systems and methods for cards and devices operable to communicate to touch sensitive displays
US11120427B2 (en) 2010-05-18 2021-09-14 Dynamics Inc. Systems and methods for cards and devices operable to communicate via light pulsing
US8317103B1 (en) 2010-06-23 2012-11-27 FiTeq Method for broadcasting a magnetic stripe data packet from an electronic smart card
US8226001B1 (en) 2010-06-23 2012-07-24 Fiteq, Inc. Method for broadcasting a magnetic stripe data packet from an electronic smart card
USD674013S1 (en) 2010-07-02 2013-01-08 Dynamics Inc. Multiple button interactive electronic card with light sources
USD687094S1 (en) 2010-07-02 2013-07-30 Dynamics Inc. Multiple button interactive electronic card with light sources
USD652448S1 (en) 2010-07-02 2012-01-17 Dynamics Inc. Multiple button interactive electronic card
USD652449S1 (en) 2010-07-02 2012-01-17 Dynamics Inc. Multiple button interactive electronic card
USD652867S1 (en) 2010-07-02 2012-01-24 Dynamics Inc. Multiple button interactive electronic card
USD672389S1 (en) 2010-07-02 2012-12-11 Dynamics Inc. Multiple button interactive electronic card with light sources
USD652075S1 (en) 2010-07-02 2012-01-10 Dynamics Inc. Multiple button interactive electronic card
USD670759S1 (en) 2010-07-02 2012-11-13 Dynamics Inc. Multiple button interactive electronic card with light sources
USD651238S1 (en) 2010-07-09 2011-12-27 Dynamics Inc. Interactive electronic card with display
USD643063S1 (en) 2010-07-09 2011-08-09 Dynamics Inc. Interactive electronic card with display
US9204294B2 (en) 2010-07-09 2015-12-01 Telecommunication Systems, Inc. Location privacy selector
USD651237S1 (en) 2010-07-09 2011-12-27 Dynamics Inc. Interactive electronic card with display
EP2416524A2 (en) 2010-07-09 2012-02-08 Tata Consultancy Services Limited System and method for secure transaction of data between wireless communication device and server
US8315599B2 (en) 2010-07-09 2012-11-20 Telecommunication Systems, Inc. Location privacy selector
US8842833B2 (en) 2010-07-09 2014-09-23 Tata Consultancy Services Limited System and method for secure transaction of data between wireless communication device and server
USD792511S1 (en) 2010-07-09 2017-07-18 Dynamics Inc. Display with font
USD652076S1 (en) 2010-07-09 2012-01-10 Dynamics Inc. Multiple button interactive electronic card with display
USD651644S1 (en) 2010-07-09 2012-01-03 Dynamics Inc. Interactive electronic card with display
USD653288S1 (en) 2010-07-09 2012-01-31 Dynamics Inc. Multiple button interactive electronic card
USD665022S1 (en) 2010-07-09 2012-08-07 Dynamics Inc. Multiple button interactive electronic card with light source
USD792512S1 (en) 2010-07-09 2017-07-18 Dynamics Inc. Display with font
USD792513S1 (en) 2010-07-09 2017-07-18 Dynamics Inc. Display with font
USD665447S1 (en) 2010-07-09 2012-08-14 Dynamics Inc. Multiple button interactive electronic card with light source and display
USD666241S1 (en) 2010-07-09 2012-08-28 Dynamics Inc. Multiple button interactive electronic card with light source
USD652450S1 (en) 2010-07-09 2012-01-17 Dynamics Inc. Multiple button interactive electronic card
US8336664B2 (en) 2010-07-09 2012-12-25 Telecommunication Systems, Inc. Telematics basic mobile device safety interlock
US8322623B1 (en) 2010-07-26 2012-12-04 Dynamics Inc. Systems and methods for advanced card printing
US10055614B1 (en) 2010-08-12 2018-08-21 Dynamics Inc. Systems and methods for advanced detection mechanisms for magnetic cards and devices
US9053398B1 (en) 2010-08-12 2015-06-09 Dynamics Inc. Passive detection mechanisms for magnetic cards and devices
US10022884B1 (en) 2010-10-15 2018-07-17 Dynamics Inc. Systems and methods for alignment techniques for magnetic cards and devices
US8561894B1 (en) 2010-10-20 2013-10-22 Dynamics Inc. Powered cards and devices designed, programmed, and deployed from a kiosk
US9646240B1 (en) 2010-11-05 2017-05-09 Dynamics Inc. Locking features for powered cards and devices
US8688087B2 (en) 2010-12-17 2014-04-01 Telecommunication Systems, Inc. N-dimensional affinity confluencer
US8942743B2 (en) 2010-12-17 2015-01-27 Telecommunication Systems, Inc. iALERT enhanced alert manager
US9210548B2 (en) 2010-12-17 2015-12-08 Telecommunication Systems, Inc. iALERT enhanced alert manager
US8782397B2 (en) * 2011-01-06 2014-07-15 International Business Machines Corporation Compact attribute for cryptographically protected messages
US20120179903A1 (en) * 2011-01-06 2012-07-12 International Business Machines Corporation Compact attribute for cryptographically protected messages
US10176423B1 (en) 2011-01-23 2019-01-08 Dynamics Inc. Cards and devices with embedded holograms
US8567679B1 (en) 2011-01-23 2013-10-29 Dynamics Inc. Cards and devices with embedded holograms
US9721201B1 (en) 2011-01-23 2017-08-01 Dynamics Inc. Cards and devices with embedded holograms
US8944333B1 (en) 2011-01-23 2015-02-03 Dynamics Inc. Cards and devices with embedded holograms
US10095970B1 (en) 2011-01-31 2018-10-09 Dynamics Inc. Cards including anti-skimming devices
US9818125B2 (en) 2011-02-16 2017-11-14 Dynamics Inc. Systems and methods for information exchange mechanisms for powered cards and devices
US9173059B2 (en) 2011-02-25 2015-10-27 Telecommunication Systems, Inc. Mobile internet protocol (IP) location
US8682321B2 (en) 2011-02-25 2014-03-25 Telecommunication Systems, Inc. Mobile internet protocol (IP) location
US9836680B1 (en) 2011-03-03 2017-12-05 Dynamics Inc. Systems and methods for advanced communication mechanisms for magnetic cards and devices
US10990867B1 (en) 2011-03-03 2021-04-27 Dynamics Inc. Systems and methods for advanced communication mechanisms for magnetic cards and devices
US8485446B1 (en) 2011-03-28 2013-07-16 Dynamics Inc. Shielded magnetic stripe for magnetic cards and devices
US9130963B2 (en) 2011-04-06 2015-09-08 Telecommunication Systems, Inc. Ancillary data support in session initiation protocol (SIP) messaging
US11501217B2 (en) 2011-05-10 2022-11-15 Dynamics Inc. Systems and methods for a mobile electronic wallet
US11100431B2 (en) 2011-05-10 2021-08-24 Dynamics Inc. Systems and methods for mobile authorizations
USD670329S1 (en) 2011-05-12 2012-11-06 Dynamics Inc. Interactive display card
USD676904S1 (en) 2011-05-12 2013-02-26 Dynamics Inc. Interactive display card
USD670332S1 (en) 2011-05-12 2012-11-06 Dynamics Inc. Interactive card
USD670330S1 (en) 2011-05-12 2012-11-06 Dynamics Inc. Interactive card
USD670331S1 (en) 2011-05-12 2012-11-06 Dynamics Inc. Interactive display card
US9881245B1 (en) 2011-05-23 2018-01-30 Dynamics Inc. Systems and methods for sensor mechanisms for magnetic cards and devices
US8628022B1 (en) 2011-05-23 2014-01-14 Dynamics Inc. Systems and methods for sensor mechanisms for magnetic cards and devices
US9349089B1 (en) 2011-05-23 2016-05-24 Dynamics Inc. Systems and methods for sensor mechanisms for magnetic cards and devices
US10936926B1 (en) 2011-05-23 2021-03-02 Dynamics Inc. Systems and methods for sensor mechanisms for magnetic cards and devices
US8827153B1 (en) 2011-07-18 2014-09-09 Dynamics Inc. Systems and methods for waveform generation for dynamic magnetic stripe communications devices
US9402158B2 (en) 2011-09-02 2016-07-26 Telecommunication Systems, Inc. Aggregate location dynometer (ALD)
US9198054B2 (en) 2011-09-02 2015-11-24 Telecommunication Systems, Inc. Aggregate location dynometer (ALD)
US9479344B2 (en) 2011-09-16 2016-10-25 Telecommunication Systems, Inc. Anonymous voice conversation
US9178996B2 (en) 2011-09-30 2015-11-03 Telecommunication Systems, Inc. Unique global identifier header for minimizing prank 911 calls
US9401986B2 (en) 2011-09-30 2016-07-26 Telecommunication Systems, Inc. Unique global identifier header for minimizing prank emergency 911 calls
US8831556B2 (en) 2011-09-30 2014-09-09 Telecommunication Systems, Inc. Unique global identifier header for minimizing prank emergency 911 calls
US11551046B1 (en) 2011-10-19 2023-01-10 Dynamics Inc. Stacked dynamic magnetic stripe commmunications device for magnetic cards and devices
US11409971B1 (en) 2011-10-23 2022-08-09 Dynamics Inc. Programming and test modes for powered cards and devices
US9619741B1 (en) 2011-11-21 2017-04-11 Dynamics Inc. Systems and methods for synchronization mechanisms for magnetic cards and devices
US8960545B1 (en) 2011-11-21 2015-02-24 Dynamics Inc. Data modification for magnetic cards and devices
US10169693B1 (en) 2011-11-21 2019-01-01 Dynamics Inc. Data modification for magnetic cards and devices
US9264537B2 (en) 2011-12-05 2016-02-16 Telecommunication Systems, Inc. Special emergency call treatment based on the caller
US9313637B2 (en) 2011-12-05 2016-04-12 Telecommunication Systems, Inc. Wireless emergency caller profile data delivery over a legacy interface
US8984591B2 (en) 2011-12-16 2015-03-17 Telecommunications Systems, Inc. Authentication via motion of wireless device movement
US9326143B2 (en) 2011-12-16 2016-04-26 Telecommunication Systems, Inc. Authentication via motion of wireless device movement
US9384339B2 (en) 2012-01-13 2016-07-05 Telecommunication Systems, Inc. Authenticating cloud computing enabling secure services
US10062024B1 (en) 2012-02-03 2018-08-28 Dynamics Inc. Systems and methods for spike suppression for dynamic magnetic stripe communications devices
US9710745B1 (en) 2012-02-09 2017-07-18 Dynamics Inc. Systems and methods for automated assembly of dynamic magnetic stripe communications devices
US8888009B1 (en) 2012-02-14 2014-11-18 Dynamics Inc. Systems and methods for extended stripe mechanisms for magnetic cards and devices
US9916992B2 (en) 2012-02-20 2018-03-13 Dynamics Inc. Systems and methods for flexible components for powered cards and devices
US8688174B2 (en) 2012-03-13 2014-04-01 Telecommunication Systems, Inc. Integrated, detachable ear bud device for a wireless phone
US9544260B2 (en) 2012-03-26 2017-01-10 Telecommunication Systems, Inc. Rapid assignment dynamic ownership queue
US9307372B2 (en) 2012-03-26 2016-04-05 Telecommunication Systems, Inc. No responders online
US9734669B1 (en) 2012-04-02 2017-08-15 Dynamics Inc. Cards, devices, systems, and methods for advanced payment game of skill and game of chance functionality
US9338153B2 (en) 2012-04-11 2016-05-10 Telecommunication Systems, Inc. Secure distribution of non-privileged authentication credentials
US11418483B1 (en) 2012-04-19 2022-08-16 Dynamics Inc. Cards, devices, systems, and methods for zone-based network management
US10395156B1 (en) 2012-05-15 2019-08-27 Dynamics Inc. Cards, devices, systems, methods and dynamic security codes
US9033218B1 (en) 2012-05-15 2015-05-19 Dynamics Inc. Cards, devices, systems, methods and dynamic security codes
US9064195B2 (en) 2012-06-29 2015-06-23 Dynamics Inc. Multiple layer card circuit boards
US9313638B2 (en) 2012-08-15 2016-04-12 Telecommunication Systems, Inc. Device independent caller data access for emergency calls
USD687488S1 (en) 2012-08-27 2013-08-06 Dynamics Inc. Interactive electronic card with buttons
USD692053S1 (en) 2012-08-27 2013-10-22 Dynamics Inc. Interactive electronic card with display and button
USD687487S1 (en) 2012-08-27 2013-08-06 Dynamics Inc. Interactive electronic card with display and button
USD729869S1 (en) 2012-08-27 2015-05-19 Dynamics Inc. Interactive electronic card with display and button
USD695636S1 (en) 2012-08-27 2013-12-17 Dynamics Inc. Interactive electronic card with display and buttons
USD729870S1 (en) 2012-08-27 2015-05-19 Dynamics Inc. Interactive electronic card with display and button
USD687490S1 (en) 2012-08-27 2013-08-06 Dynamics Inc. Interactive electronic card with display and button
USD729871S1 (en) 2012-08-27 2015-05-19 Dynamics Inc. Interactive electronic card with display and buttons
USD687887S1 (en) 2012-08-27 2013-08-13 Dynamics Inc. Interactive electronic card with buttons
USD694322S1 (en) 2012-08-27 2013-11-26 Dynamics Inc. Interactive electronic card with display buttons
USD687095S1 (en) 2012-08-27 2013-07-30 Dynamics Inc. Interactive electronic card with buttons
USD730438S1 (en) 2012-08-27 2015-05-26 Dynamics Inc. Interactive electronic card with display and button
USD676487S1 (en) 2012-08-27 2013-02-19 Dynamics Inc. Interactive electronic card with display and buttons
USD675256S1 (en) 2012-08-27 2013-01-29 Dynamics Inc. Interactive electronic card with display and button
USD673606S1 (en) 2012-08-27 2013-01-01 Dynamics Inc. Interactive electronic card with display and buttons
USD730439S1 (en) 2012-08-27 2015-05-26 Dynamics Inc. Interactive electronic card with buttons
USD687489S1 (en) 2012-08-27 2013-08-06 Dynamics Inc. Interactive electronic card with buttons
USD828870S1 (en) 2012-08-27 2018-09-18 Dynamics Inc. Display card
USD688744S1 (en) 2012-08-27 2013-08-27 Dynamics Inc. Interactive electronic card with display and button
US9208346B2 (en) 2012-09-05 2015-12-08 Telecommunication Systems, Inc. Persona-notitia intellection codifier
US11126997B1 (en) 2012-10-02 2021-09-21 Dynamics Inc. Cards, devices, systems, and methods for a fulfillment system
US9215072B1 (en) 2012-10-23 2015-12-15 Authernative, Inc. Back-end matching method supporting front-end knowledge-based probabilistic authentication systems for enhanced credential security
US8955074B2 (en) 2012-10-23 2015-02-10 Authernative, Inc. Authentication method of enumerated pattern of field positions based challenge and enumerated pattern of field positions based response through interaction between two credentials in random partial digitized path recognition system
US8868919B2 (en) 2012-10-23 2014-10-21 Authernative, Inc. Authentication method of field contents based challenge and enumerated pattern of field positions based response in random partial digitized path recognition system
US9010647B2 (en) 2012-10-29 2015-04-21 Dynamics Inc. Multiple sensor detector systems and detection methods of magnetic cards and devices
US10922597B1 (en) 2012-11-05 2021-02-16 Dynamics Inc. Dynamic magnetic stripe communications device with beveled magnetic material for magnetic cards and devices
US9659246B1 (en) 2012-11-05 2017-05-23 Dynamics Inc. Dynamic magnetic stripe communications device with beveled magnetic material for magnetic cards and devices
US11023796B1 (en) 2012-11-30 2021-06-01 Dynamics Inc. Dynamic magnetic stripe communications device with stepped magnetic material for magnetic cards and devices
US10311349B1 (en) 2012-11-30 2019-06-04 Dynamics Inc. Dynamic magnetic stripe communications device with stepped magnetic material for magnetic cards and devices
US9646750B1 (en) 2012-11-30 2017-05-09 Dynamics Inc. Dynamic magnetic stripe communications device with stepped magnetic material for magnetic cards and devices
US9010644B1 (en) 2012-11-30 2015-04-21 Dynamics Inc. Dynamic magnetic stripe communications device with stepped magnetic material for magnetic cards and devices
US9456301B2 (en) 2012-12-11 2016-09-27 Telecommunication Systems, Inc. Efficient prisoner tracking
US10949627B2 (en) 2012-12-20 2021-03-16 Dynamics Inc. Systems and methods for non-time smearing detection mechanisms for magnetic cards and devices
USD765174S1 (en) 2013-03-04 2016-08-30 Dynamics Inc. Interactive electronic card with button
USD765173S1 (en) 2013-03-04 2016-08-30 Dynamics Inc. Interactive electronic card with display and button
USD777252S1 (en) 2013-03-04 2017-01-24 Dynamics Inc. Interactive electronic card with buttons
USD764584S1 (en) 2013-03-04 2016-08-23 Dynamics Inc. Interactive electronic card with buttons
USD751640S1 (en) 2013-03-04 2016-03-15 Dynamics Inc. Interactive electronic card with display and button
USD751639S1 (en) 2013-03-04 2016-03-15 Dynamics Inc. Interactive electronic card with display and button
USD750167S1 (en) 2013-03-04 2016-02-23 Dynamics Inc. Interactive electronic card with buttons
USD750168S1 (en) 2013-03-04 2016-02-23 Dynamics Inc. Interactive electronic card with display and button
USD750166S1 (en) 2013-03-04 2016-02-23 Dynamics Inc. Interactive electronic card with display and buttons
US8983047B2 (en) 2013-03-20 2015-03-17 Telecommunication Systems, Inc. Index of suspicion determination for communications request
US9408034B2 (en) 2013-09-09 2016-08-02 Telecommunication Systems, Inc. Extended area event for network based proximity discovery
USD767024S1 (en) 2013-09-10 2016-09-20 Dynamics Inc. Interactive electronic card with contact connector
USD737373S1 (en) 2013-09-10 2015-08-25 Dynamics Inc. Interactive electronic card with contact connector
US9516104B2 (en) 2013-09-11 2016-12-06 Telecommunication Systems, Inc. Intelligent load balancer enhanced routing
US9301191B2 (en) 2013-09-20 2016-03-29 Telecommunication Systems, Inc. Quality of service to over the top applications used with VPN
US9479897B2 (en) 2013-10-03 2016-10-25 Telecommunication Systems, Inc. SUPL-WiFi access point controller location based services for WiFi enabled mobile devices
US10108891B1 (en) 2014-03-21 2018-10-23 Dynamics Inc. Exchange coupled amorphous ribbons for electronic stripes
US11062188B1 (en) 2014-03-21 2021-07-13 Dynamics Inc Exchange coupled amorphous ribbons for electronic stripes
US9614682B2 (en) * 2014-04-11 2017-04-04 Guardtime IP Holdings, Ltd. System and method for sequential data signatures
US20150295720A1 (en) * 2014-04-11 2015-10-15 Guardtime IP Holdings, Ltd. System and Method for Sequential Data Signatures
US9692770B2 (en) 2014-05-27 2017-06-27 Panasonic Intellectual Property Management Co., Ltd. Signature verification using unidirectional function
US10015159B2 (en) 2014-05-27 2018-07-03 Panasonic Intellectual Property Management Co., Ltd. Terminal authentication system, server device, and terminal authentication method
US10032049B2 (en) 2016-02-23 2018-07-24 Dynamics Inc. Magnetic cards and devices for motorized readers
US10461943B1 (en) * 2016-11-14 2019-10-29 Amazon Technologies, Inc. Transparently scalable virtual hardware security module
US11140140B2 (en) 2016-11-14 2021-10-05 Amazon Technologies, Inc. Virtual cryptographic module with load balancer and cryptographic module fleet
US11502854B2 (en) * 2016-11-14 2022-11-15 Amazon Technologies, Inc. Transparently scalable virtual hardware security module
US11777914B1 (en) 2016-11-14 2023-10-03 Amazon Technologies, Inc. Virtual cryptographic module with load balancer and cryptographic module fleet
US20200059373A1 (en) * 2016-11-14 2020-02-20 Amazon Technologies, Inc. Transparently scalable virtual hardware security module
US11177961B2 (en) * 2017-12-07 2021-11-16 Nec Corporation Method and system for securely sharing validation information using blockchain technology
US11399020B2 (en) 2019-06-28 2022-07-26 HCL Technologies Italy S.p.A System and method for authenticating server identity during connection establishment with client machine

Also Published As

Publication number Publication date
JPH113033A (en) 1999-01-06
EP0807911A2 (en) 1997-11-19
EP0807911A3 (en) 1999-07-07
US6085320A (en) 2000-07-04

Similar Documents

Publication Publication Date Title
US6189098B1 (en) Client/server protocol for proving authenticity
US9160732B2 (en) System and methods for online authentication
US7975139B2 (en) Use and generation of a session key in a secure socket layer connection
US7386720B2 (en) Authentication protocol using a multi-factor asymmetric key pair
US7630493B2 (en) Multiple factor private portion of an asymmetric key
US7689832B2 (en) Biometric-based system and method for enabling authentication of electronic messages sent over a network
US8340287B2 (en) Securing multifactor split key asymmetric crypto keys
US7599493B2 (en) Asymmetric key pair having a kiosk mode
US8213608B2 (en) Roaming utilizing an asymmetric key pair
US7596697B2 (en) Technique for providing multiple levels of security
US6487660B1 (en) Two way authentication protocol
US9185111B2 (en) Cryptographic authentication techniques for mobile devices
EP1500226A1 (en) System and method for storage and retrieval of a cryptographic secret from a plurality of network enabled clients
US20100115277A1 (en) Method and device for mutual authentication
US20050105735A1 (en) Information processing system and method, information processing device and method, recording medium, and program
US7565527B2 (en) Technique for asymmetric crypto-key generation
EP3185504A1 (en) Security management system for securing a communication between a remote server and an electronic device
WO2006078560A2 (en) Roaming utilizing an asymmetric key pair
Verheul SECDSA: Mobile signing and authentication under classical "sole control"
AU2002259074B2 (en) Use and generation of a session key in a secure socket layer connection
Janbandhu Novel biometric digital signature system for electronic commerce applications
Kshemkalyani et al. Authentication in Distributed System
AU2002259074A1 (en) Use and generation of a session key in a secure socket layer connection

Legal Events

Date Code Title Description
STCF Information on status: patent grant

Free format text: PATENTED CASE

FPAY Fee payment

Year of fee payment: 4

FPAY Fee payment

Year of fee payment: 8

AS Assignment

Owner name: RSA SECURITY HOLDING, INC., MASSACHUSETTS

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:RSA SECURITY LLC;REEL/FRAME:023824/0721

Effective date: 20091222

Owner name: EMC CORPORATION, MASSACHUSETTS

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:RSA SECURITY HOLDING, INC.;REEL/FRAME:023825/0011

Effective date: 20091231

AS Assignment

Owner name: RSA SECURITY LLC, MASSACHUSETTS

Free format text: MERGER;ASSIGNOR:RSA SECURITY INC.;REEL/FRAME:023852/0500

Effective date: 20091221

AS Assignment

Owner name: EMC CORPORATION, MASSACHUSETTS

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:RSA SECURITY HOLDING, INC.;REEL/FRAME:023975/0151

Effective date: 20091231

Owner name: RSA SECURITY HOLDING, INC., MASSACHUSETTS

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:RSA SECURITY LLC;REEL/FRAME:023975/0453

Effective date: 20091222

FEPP Fee payment procedure

Free format text: PAYOR NUMBER ASSIGNED (ORIGINAL EVENT CODE: ASPN); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

FPAY Fee payment

Year of fee payment: 12